Loading...
Loading...
Found 67 Skills
Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like "check for SQL injection" or "review security".
Scan code repositories for security threats including data exfiltration, backdoors, malicious code injection, dependency chain risks, and sensitive file access. Use this skill when users want to audit a codebase (especially TypeScript/JavaScript/Node.js projects) for security vulnerabilities, detect hidden malware, review npm dependencies for supply-chain attacks, check for credential leaks, or perform a pre-deployment security review. Triggers on requests like "scan for malicious code", "security audit", "check for backdoors", "review dependencies for vulnerabilities", "detect data exfiltration".
Security & compliance skill suite providing OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response workflows for AI coding agents
Full STRIDE-A threat model analysis and incremental update skill for repositories and systems. Supports two modes: (1) Single analysis — full STRIDE-A threat model of a repository, producing architecture overviews, DFD diagrams, STRIDE-A analysis, prioritized findings, and executive assessments. (2) Incremental analysis — takes a previous threat model report as baseline, compares the codebase at the latest (or a given commit), and produces an updated report with change tracking (new, resolved, still-present threats), STRIDE heatmap, findings diff, and an embedded HTML comparison. Only activate when the user explicitly requests a threat model analysis, incremental update, or invokes /threat-model-analyst directly.
Scan your Claude Code configuration (.claude/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
Detect API keys, passwords, tokens, and other secrets in code. Use when you need to find hardcoded credentials and sensitive data in source code.
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
AI agent skill for using deepsec, the agent-powered security vulnerability scanner for large codebases
Run Gitleaks to detect hardcoded secrets in git repositories. Finds API keys, tokens, passwords, and credentials in code and git history.
Expert in detecting private information, secrets, API keys, credentials, and sensitive data in codebases before open sourcing
Check any AI agent codebase against the OWASP Agentic Security Initiative (ASI) Top 10 risks. Use this skill when: - Evaluating an agent system's security posture before production deployment - Running a compliance check against OWASP ASI 2026 standards - Mapping existing security controls to the 10 agentic risks - Generating a compliance report for security review or audit - Comparing agent framework security features against the standard - Any request like "is my agent OWASP compliant?", "check ASI compliance", or "agentic security audit"