Loading...
Loading...
Found 3,339 Skills
Perform dynamic application security testing with OWASP ZAP, Burp Suite, and Nikto. Test running applications for security vulnerabilities through automated and manual testing. Use when testing web applications, APIs, or performing penetration testing.
Complete Claude Code hooks reference - input/output schemas, registration, testing patterns
Bootstrap new projects with strong typing, linting, formatting, and testing. Supports Python, TypeScript, and other languages with research fallback.
Build Spring Boot 4.x applications following best practices. Use when developing or modifying Spring Boot apps that use Spring MVC, Spring Data JPA, Spring Modulith, Spring Security, or Spring Boot testing including package structure, REST APIs, entities/repositories, service layer, modular monoliths, and REST API tests.
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
Write readable, maintainable code through disciplined naming, small functions, and clean error handling. Use when the user mentions "code review", "naming conventions", "function too long", "code smells", or "readable code". Covers SRP, comment discipline, formatting, and unit testing. For refactoring techniques, see refactoring-patterns. For architecture, see clean-architecture.
Build production-ready MCP servers using FastMCP v3. Guides research, scaffolding, tool/resource/prompt implementation, testing, and deployment. Targets FastMCP 3.0.0rc2 with Providers, Transforms, middleware, OAuth, and composition. Use when creating MCP servers, integrating APIs via MCP, converting OpenAPI specs or FastAPI apps, or troubleshooting FastMCP issues. NOT for building REST APIs, CLI tools, or non-MCP integrations.
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
Provides comprehensive guide for adding services to dependency injection Container using dependency-injector library patterns including Singleton vs Factory vs Dependency providers, override patterns for testing, and circular dependency detection. Use when creating new service, adding dependency to Container, debugging circular dependency errors, or wiring components for injection.
Automates Chrome browser workflows for testing web apps, debugging with console/network logs, extracting data, filling forms, and interacting with authenticated web applications (Google Docs, Gmail, Notion). Use when testing local web apps, debugging frontend issues, automating data entry, scraping web content, or working with authenticated services. Triggers on "test my web app", "check the console", "fill this form", "extract data from [URL]", "automate [browser task]", "open [authenticated app]", or debugging web application issues. Works with Chrome via Claude in Chrome extension (MCP tools: navigate, click, form_input, read_console_messages, read_network_requests, tabs_context_mcp, gif_creator).
Creates and manages Cloudflare Access service tokens for automated infrastructure verification and non-human access. Use when setting up automation, verification scripts, monitoring systems, or need to test services without Google OAuth. Triggers on "create service token", "setup automation access", "verify without OAuth", "automated monitoring", or "service token for testing". Works with Cloudflare Access Service Auth, .env credential storage, and cf-service-token.sh script for testing and management.
Browser automation and testing using Vercel's agent-browser CLI with ref-based element targeting