Loading...
Loading...
Found 2,578 Skills
Toolkit for creating and validating skills and subagents. Use when: creating a new skill (fast or full mode), validating an existing skill, deciding Skills vs Subagents, migrating docs to skills, estimating token cost, or running a security scan. Triggers: "create skill", "build skill", "validate skill", "new subagent", "skills vs subagents", "estimate tokens", "security scan".
Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.
Parallel read-only multi-agent review of a current git diff or explicit file scope to find behavioral regressions, security or privacy risks, performance or reliability issues, and contract or test coverage gaps. Use when the user asks for a review swarm, parallel review, diff review, regression review, security review, or wants high-signal issues plus a prioritized fix path without editing files.
Guides the agent through Capgo account lookup and organization administration. Use when listing organizations, managing members, changing security settings, or working with organization-level CLI commands. Do not use for OTA bundle uploads or native builds.
Authors, reviews, installs, and debugs GitHub Agentic Workflows in repositories, including workflow markdown, frontmatter, gh aw compile and run flows, safe outputs, security guardrails, and operational patterns. Use when creating or maintaining GH-AW automation. Don't use for standard deterministic GitHub Actions YAML, generic CI pipelines, or non-GitHub automation systems.
Translates Mermaid sequenceDiagrams describing cryptographic protocols into ProVerif formal verification models (.pv files). Use when generating a ProVerif model, formally verifying a protocol, converting a Mermaid diagram to ProVerif, verifying protocol security properties (secrecy, authentication, forward secrecy), checking for replay attacks, or producing a .pv file from a sequence diagram.
· Write, review, or architect CI/CD pipelines -- GitHub Actions, GitLab CI, Forgejo. Covers pipeline security, SHA pinning, SBOM, and runner configuration. Triggers: 'ci/cd', 'pipeline', 'github actions', 'gitlab ci', 'forgejo', '.github/workflows', 'runner', 'sha pinning'.
Solution skill for using WAF to protect web applications on ECS. Used for quickly deploying network environments including VPC, security groups, and ECS instances, and integrating WAF for web application protection. Trigger words: "WAF protection", "ECS web protection", "Web Application Firewall", "website security"
Query and handle security risk events from Alibaba Cloud Data Security Center. Supports viewing the list of unprocessed risk events and performing manual handling operations on risk events. Trigger words: "Data Security Center", "security risk events", "DSC", "risk handling", "DescribeRiskRules", "PreHandleAuditRisk"
Entry P1 category router for API security. Use when choosing between API recon, authorization, token abuse, and hidden-parameter workflows before any deeper API topic skill.
Android pentesting playbook. Use when testing Android applications for SSL pinning bypass, exported component abuse, WebView vulnerabilities, intent redirection, root detection bypass, tapjacking, and backup extraction during authorized mobile security assessments.
Design and implement smart contracts as self-executing programmatic agreements on blockchain. Use this skill when the user needs to build automated on-chain logic, evaluate smart contract security, or design tokenized business rules — even if they say 'smart contract development', 'automated agreement', or 'on-chain logic'.