Claude Security Skills (Page 16 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 901–960 of 6,191 by quality score

Sub-topics: Web Security (751), Threat Hunting (476), Red Team (453), Identity Access (329), Network Security (284), Appsec Tools (280), Compliance (159), Malware Analysis (138)

Full 9-phase workflow for complex features, epics, and security-critical changes (2-4 hours)
Manages MongoDB Atlas Stream Processing (ASP) workflows. Handles workspace provisioning, data source/sink connections, processor lifecycle operations, debugging diagnostics, and…
Atlassian Administrator for managing and organizing Atlassian products (Jira, Confluence, Bitbucket, Trello), users, permissions, security, integrations, system configuration, and…
Cross-domain composition attack on an agent system. Finds vulnerabilities where regulatory, operational, and security concerns meet — where single-domain analysis misses compound…
White-hat exploit development for Pact 5 smart contracts. Design and execute attack scenarios to verify security controls on KDA-CE devnet.
Analyze MITRE ATT&CK T1218.012 Verclsid in the enterprise matrix. Use for TTP triage, detection engineering, hunting, defensive emulation planning, mitigations, incident response…
Analyze MITRE ATT&CK T1572 Protocol Tunneling in the enterprise matrix. Use for TTP triage, detection engineering, hunting, defensive emulation planning, mitigations, incident…
Analyze MITRE ATT&CK T1583.006 Web Services in the enterprise matrix. Use for TTP triage, detection engineering, hunting, defensive emulation planning, mitigations, incident…
Use during the runtime adversarial pass — attack the build the way real users (and bad actors) actually behave: malformed input, concurrency, network failure, refresh/back,…
Looks up OWASP Top 10 attack methods, CWE references, and form-specific vulnerability patterns with a bounty hunter mindset.
Analyze MITRE ATT&CK T1461 Lockscreen Bypass in the mobile matrix. Use for TTP triage, detection engineering, hunting, defensive emulation planning, mitigations, incident response…
Analyze MITRE ATT&CK T1617 Hooking in the mobile matrix. Use for TTP triage, detection engineering, hunting, defensive emulation planning, mitigations, incident response mapping,…
Generates strategic attack trees and kill chains from reconnaissance data or domain input. Maps MITRE ATT&CK TTPs, identifies chaining opportunities, trust relationships, and…
Attack Surface Analyzer - Auto-activating skill for Security Advanced. Triggers on: attack surface analyzer, attack surface analyzer. Part of the Security Advanced skill category.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Secure Attio API integrations -- token scoping, secret management, scope auditing, webhook signature verification, and rotation procedures.
APRA CPS 234 expert for Australian prudential information security. Reference-depth framework plugin with scope determination, evidence checklist, and SCF-backed assessment…
Comprehensive security and code quality audit. Use for thorough security, vulnerability, and code quality analysis. Related: project-health-checker for quick diagnostic checks.
Run the four quality-audit skills in parallel against one ref — audit-security, audit-money, audit-tenant, audit-contracts.
Gate deploy on a security audit and invariant tests across the top vuln classes — deploy is irreversible. Reach for this before any mainnet go-live.
Run targeted AWS, Azure, or GCP security and compliance audits when an agent needs actionable cloud findings instead of a generic cloud-security platform overview.
Code quality audit for the Speicher Analyse Tauri app (React + Vite + TypeScript frontend). Checks security, performance, WCAG contrast, Tauri best practices and…
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding. — from Avi977/ace-claude-toolkit
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding. — from security/compliance
Run npm audit and check for outdated/vulnerable dependencies. Returns structured output with vulnerability counts by severity, outdated packages, and recommended updates.
Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues.
Interactive system flow tracing across CODE, API, AUTH, DATA, NETWORK layers with SQLite persistence and Mermaid export.
Inspect and flush staged audit-trail entries to the remote trail repository. Use when the user asks to "flush audit trail", "show what's pending in audit trail", "dry-run audit…
Run a focused security pass on GitHub Actions workflows before merge so token misuse, dangerous permissions, and unpinned actions are caught early.
This ASE skill uses zizmor to audit GitHub Actions workflows and composite actions for security mistakes before they ship.
Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards,…
Comprehensive audit logging for compliance and security. Track user actions, data changes, and system events with tamper-proof storage.
Run comprehensive parallel audit — dispatches specialized agents by scope (frontend, backend, infra, security)
Prepare Solidity projects for a security audit — test coverage, test quality, NatSpec docs, code hygiene, dependency health, best-practice enforcement, deployment readiness, and…
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures…
Prepare your codebase for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures…
Scan Python requirements and environments for known vulnerable or malicious packages before they move further through delivery or promotion workflows.
Check Python environments and requirements files for published vulnerabilities before shipping, upgrading, or approving dependency changes.
Reviews pull requests for compliance regressions. Scans code diffs for security and compliance violations, flags issues, and suggests fixes aligned with frameworks like SOC 2, ISO…
Template and formatting guidelines for security audit reports. Provides consistent structure for findings, severity classification, ASVS mapping, and remediation recommendations.
Quick security audit checking for hardcoded secrets, SSRF vectors, injection points, dependency issues, and missing security headers
Use when adding packages, bumping versions, or responding to security alerts. Enforces supply chain security and vulnerability remediation.
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated…
Audit Trail Helper - Auto-activating skill for Enterprise Workflows. Triggers on: audit trail helper, audit trail helper. Part of the Enterprise Workflows skill category.
Maintains the audit-trail log of the Wuerfel: every review run, every prompt change, every reviewer sign-off, every cache hit, every hash check is immutably…
Comprehensive guide to implementing audit trails and logging for AI agents including tracing, observability, compliance, and debugging
Audit websites for SEO, technical, content, and security issues using squirrelscan CLI. Returns LLM-optimized reports with health scores, broken links, meta tag analysis, and…
Full project health check workflow. Architecture → Security → Quality → Report → (Fix). Use before major release or onboarding.
Audit and enable security-oriented Xcode build settings. Progressively enables compiler warnings, static analyzer checkers, and Enhanced Security features.
Audit access control implementations for security vulnerabilities and misconfigurations. Use when reviewing authentication and authorization.
Use right after `board-superpowers:classifying-actions` returns a decision, every time a board-superpowers skill is recording what it is about to do or what it just did.
Screens transaction data for suspicious patterns using red flag typologies and structures SAR narrative elements.
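Use when targeting 《审计与经济研究》 (Auditing and Economics Research, a bimonthly auditing and economics journal sponsored by Nanjing Audit University, with anonymous expert review and no review or page fees) or deciding whether a Chinese auditing/accounting/econ manuscript fits this…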
Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs,
Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies,
Audits the security posture of a CockroachDB cluster (Cloud or self-hosted) across network, authentication, authorization, encryption, audit logging, and backup dimensions.
Audit code against OWASP Top 10 vulnerabilities with structured findings. Use when reviewing code for security issues or conducting security audits.
Reviews coded encounters for accuracy using OIG compliance guidelines and CMS documentation requirements.