Loading...
Loading...
Found 46 Skills
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP review", or review code for injection, XSS, authentication, authorization, cryptography issues. Provides systematic review with confidence-based reporting.
Master smart contract security with auditing, vulnerability detection, and incident response
Эксперт по bug bounty. Используй для поиска уязвимостей, написания отчётов, responsible disclosure и penetration testing.
Security vulnerability scanning using Trivy for ecommerce project. Scans dependencies, container images, and IaC. Blocks CRITICAL and HIGH severity. Triggers on "trivy", "vulnerability scan", "security scan", "container scan", "cve", "dependency scan", "npm audit", "docker scan", "security check". PROACTIVE: MUST invoke before committing code with new dependencies.
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security", "GHA security", "workflow security review", or review .github/workflows/ for pwn requests, expression injection, credential theft, and supply chain attacks. Exploitation-focused with concrete PoC scenarios.
Detect CVEs and security issues in project dependencies. Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.
Run Flawfinder SAST scans on C/C++ code. Detects buffer overflows, format string vulnerabilities, race conditions, and other memory safety issues.
Secret Scanner - Auto-activating skill for Security Fundamentals. Triggers on: secret scanner, secret scanner Part of the Security Fundamentals skill category.
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.