Loading...
Loading...
Found 2,247 Skills
Comprehensive pre-merge validation checklist for Python/React pull requests. Use before approving or merging any PR. Covers code quality checks (linting, formatting, type checking), test coverage requirements, documentation updates, migration safety, API contract compatibility, accessibility compliance, bundle size impact, and deployment readiness. Provides a systematic checklist that ensures nothing is missed before merge. Does NOT cover security review depth (use code-review-security).
Ensure HIPAA compliance when handling PHI (Protected Health Information). Use when writing code that accesses user health data, check-ins, journal entries, or any sensitive information. Activates for audit logging, data access, security events, and compliance questions.
E2E Critical Coverage audit worker (L3). Validates E2E coverage for critical paths (Money 20+, Security 20+, Data 15+). Pure risk-based - no pyramid percentages.
Agent Skill: Security audit patterns (OWASP, CWE, CVSS) for any project. Deep automated PHP/TYPO3 scanning with 80+ checkpoints. Use when conducting security assessments, identifying vulnerabilities, or CVSS scoring. By Netresearch.
Use when comparing technology stacks, evaluating frameworks/providers, or assessing TCO, security, and ecosystem health for migration decisions.
Review Bun runtime security audit patterns. Use for auditing Bun-specific vulnerabilities including shell injection, SQL injection, server security, and process spawning. Use proactively when reviewing Bun apps (bun.lockb, bunfig.toml, or bun:* imports present). Examples: - user: "Review this Bun shell script" → audit `$` usage and argument injection - user: "Check my bun:sqlite queries" → verify `sql` tagged template usage - user: "Audit my Bun.serve() setup" → check path traversal and request limits - user: "Is my Bun.spawn() usage safe?" → audit command injection and input validation - user: "Review WebSocket security in Bun" → check authentication before upgrade
Blockchain smart contract specialist for Solidity, EVM, security patterns, and gas optimizationUse when "smart contract, solidity, ethereum, evm, contract, web3, gas optimization, upgradeable contract, reentrancy, solidity, ethereum, smart-contracts, evm, web3, blockchain, defi, nft, security, gas" mentioned.
Security Incident Report templates drawing from NIST/SANS. DDoS post-mortem, CVE correlation, timeline documentation, and blameless root cause analysis. Use when working with incident report, post-mortem, sir, ddos analysis, security reporting, root cause analysis, cve correlation, nist 800-61.
Build production-ready MCP clients in TypeScript or Python. Handles connection lifecycle, transport abstraction, tool orchestration, security, and error handling. Use for integrating LLM applications with MCP servers.
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
Run tfsec (now part of Trivy) to scan Terraform code for security misconfigurations. Deep HCL analysis with support for Terraform modules, variables, and expressions.
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.