<span class="bg-clip-text text-transparent bg-gradient-to-r from-gray-900 via-gray-800 to-gray-900">All Skills

Security & Compliancealirezarezvani/claude-ski...

3 scripts/Checked

secrets-vault-manager

Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.

3 scripts/Attention

testing-for-xxe-injection-vulnerabilities

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.

testing-for-email-header-injection

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.

testing-for-business-logic-vulnerabilities

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.

performing-clickjacking-attack-test

Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting proof-of-concept overlay attacks during authorized security assessments.

testing-android-intents-for-vulnerabilities

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

Security & Complianceaffaan-m/everything-claud...

2 scripts/Attention

quarkus-security

Quarkus Security best practices for authentication, authorization, JWT/OIDC, RBAC, input validation, CSRF, secrets management, and dependency security.

Security & Compliancelinkfox-ai/linkfox-skills

linkfox-ruiguan-copyright

图片版权侵权检测与风险分析。当用户提到版权检测、版权核查、图片侵权检查、图片版权风险、版权相似度搜索、TRO风险分析、权利人查询、版权合规验证、copyright detection, image infringement, copyright risk, TRO risk, copyright lookup, infringement analysis, Ruiguan时触发此技能。即使用户未明确提及"版权"，只要其需求涉及检查图片是否可能侵犯已登记的版权作品，也应触发此技能。

Security & Compliancelinkfox-ai/linkfox-skills

2 scripts/Checked

linkfox-ruiguan-text-trademark

面向电商产品Listing的文字商标检测与侵权风险分析。当用户提到商标检测、商标风险检查、品牌侵权筛查、产品标题商标扫描、文字商标查询、Listing合规检查、知识产权风险评估、text trademark detection, trademark infringement, brand infringement screening, listing compliance, intellectual property risk, Ruiguan时触发此技能。即使用户未明确说"商标"，只要其需求涉及检查产品文本（标题、描述、五点描述）中是否包含可能侵权的商标，也应触发此技能。

Security & Compliancemembranedev/application-s...

bitwarden

Bitwarden integration. Manage security and password-management data, records, and workflows. Use when the user wants to interact with Bitwarden data.

Security & Complianceborghei/claude-skills

whistleblower-compliance

Audit whistleblower systems and draft compliant reporting policies. Use when assessing or building whistleblower programs.