Claude Security Skills (Page 2 of 44)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

2,612 skills · updated 2026-05-02 · showing 61–120 of 2,612 by quality score

Teaches agents to recognize and avoid security threats during normal activity. Covers phishing detection, credential protection, domain verification, and social engineering…
Score 85/100
Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security…
Score 85/100
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Score 85/100
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes.
Score 85/100
Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security…
Score 85/100
Automated technical architecture review, security assessment, scalability analysis
Score 85/100
Scans and analyses third-party dependencies and IaC configurations for security vulnerabilities.
Score 85/100
Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection
Score 85/100
Automated vendor security assessment through questionnaire generation, response parsing, and risk scoring
Score 85/100
Provides web vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016).
Score 85/100
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of…
Score 85/100
Delete a secret. Requires authentication. Use for Agentuity cloud platform operations
Score 80/100
Get a secret value. Requires authentication. Use for Agentuity cloud platform operations
Score 80/100
Import secrets from a file to cloud and local .env. Requires authentication. Use for Agentuity cloud platform operations
Score 80/100
Set a secret. Requires authentication. Use for Agentuity cloud platform operations
Score 80/100
Enforce Input/Output Guardrails at the LLM Gateway layer — PII redaction, Prompt Injection defense, Jailbreak detection, Toxicity filter, and Tool Allow-list.
Score 80/100
Generate CI/CD pipeline (GitHub Actions / GitLab CI) with linting, static analysis, tests, security. Use when user says "ci", "setup ci", "github actions", "gitlab ci", "pipeline".
Score 80/100
Perform code review on staged changes or a pull request. Checks for bugs, security issues, performance problems, and best practices.
Score 80/100
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more.
Score 80/100
Assesses and rates quality 0-10 across multiple dimensions (correctness, maintainability, security, performance, testability, simplicity) with pros/cons analysis.
Score 80/100
Generate SITF-compliant attack flow JSON files from attack descriptions or incident reports. Use when analyzing supply chain attacks, breaches, or security incidents.
Score 80/100
Composite: security audit -> production upgrade -> self-evaluation. Use when user says 'audit', 'check the codebase', 'find and fix issues', or 'is this production-ready'.
Score 80/100
Single-pass codebase analysis leveraging Opus 4.6 1M context for comprehensive security scanning, architecture review, and dependency auditing.
Score 80/100
Audits existing table permissions on a Power Pages site by analyzing them against site code and Dataverse metadata.
Score 80/100
Comprehensive audit capabilities for security, code quality, module structure, compliance, and performance analysis.
Score 80/100
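Records every user utterance, agent action, phase transition, and gate decision in the audit log with an ISO 8601 timestamp. User input is preserved as verbatim blockquotes without abbreviation or summarization, and a retention policy (30, 90, or 365 days) mapped to SOC2 and ISMS-P audit requirements is selected per project.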
Score 80/100
Use this skill to verify milestone achievement against its definition of done, checking requirements coverage, cross-phase integration, and end-to-end flows.
Score 80/100
Analyzes a single web page URL for SEO quality, identifying issues with title tags, meta descriptions, heading structure, and content.
Score 80/100
Use when: auditing a website URL or codebase, checking site health score, SEO audit, performance audit, security scan, accessibility audit, mobile audit, broken links, meta tags,…
Score 80/100
All-in-one fullstack dev engine. /aura: 46 modes (build/fix/clean/deploy/review/spec/lore/ax/experiment/payment/debug/qa/orchestrate/escalate+), 6-layer security with 32 hooks,…
Score 80/100
Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.
Score 80/100
Use when: billing audit, subscription lifecycle review, Stripe/Paddle integration check, webhook security, payment form CSRF, pricing centralization, webhook idempotency, billing…
Score 80/100
Generate contextual briefings for legal work — daily summary, topic research, or incident response. Use when starting your day and need a scan of legal-relevant items across…
Score 80/100
Captures a validated learning into the Memory Graph (SQLite). Invoke when: a bug is resolved non-obviously, a pattern is discovered, the user corrects a mistake, or a solution…
Score 80/100
Comprehensive codebase cleanup across 11 quality dimensions: dead code, duplication, weak types, circular deps, defensive cruft, legacy code, AI slop, type consolidation,…
Score 80/100
Audits the entire codebase for bugs, security vulnerabilities, CLAUDE.md violations, dead code, duplicate code, and test quality issues.
Score 80/100
Use when you need a comprehensive code review combining architecture, security, and test perspectives - especially before merging, releasing, or after major changes.
Score 80/100
n8n credential types, REST API credential management, HTTP Request node authentication, predefinedCredentialType vs genericCredentialType, httpCustomAuth JSON format, credential…
Score 80/100
Package an escalation for engineering, product, or leadership with full context. Use when a bug needs engineering attention beyond normal support, multiple customers report the…
Score 80/100
Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.
Score 80/100
Search for exploits across all vulnerabilities with filtering by ecosystem, severity, source, and EPSS
Score 80/100
Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the user asks to "verify these commits fix the audit findings",…
Score 80/100
Cross-agent self-inspection of your AI-agent stack. Audits skills, MCP servers, hooks, plugins, commands, credentials, and memory files across Claude Code, Codex, OpenClaw, and…
Score 80/100
Fast single-pass FXA-specific commit review covering security, conventions, logic/bugs, tests, and migrations. No subagents — runs directly in the main context.
Score 80/100
Enforce secure GitHub Actions posture with least-privilege tokens, pinned dependencies, runner risk controls, and workflow supply-chain checks.
Score 80/100
Initialize a threat hunting case from a signal, detection, intel lead, or analyst suspicion
Score 80/100
Initialize a threat hunting program with an environment map, tool inventory, huntmap, and empty execution directories
Score 80/100
Create phase plans for a threat hunt with exact telemetry tasks, receipts, and query outputs
Score 80/100
Full-power feature implementation using parallel subagents for backend, frontend, testing, and security.
Score 80/100
Run the Vibe Innovation Framework mini-gate assessment to scope, justify, and execute a loop-back. Use when evidence in the current phase suggests an earlier phase's output is…
Score 80/100
Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF.
Score 80/100
Quick OWASP security scan for injection risks, hardcoded secrets, weak crypto, and Spring Security misconfigs.
Score 80/100
Manage and interact with MisarDefender — the local macOS security daemon. Use when: checking security daemon status, viewing security events, starting/stopping defender, scanning…
Score 80/100
Generate `op://` secret references for every field on a 1Password item. Output is ready to paste into a `.env` template.
Score 80/100
OpenAI Agents SDK (Python) development. Use when building AI agents, multi-agent handoffs, function tools, guardrails, sessions, streaming, or tracing with the `openai-agents` /…
Score 80/100
Parallel QA using agent teams for comprehensive multi-type testing. Spawns specialized QA agents that simultaneously run different test categories (unit, integration, lint,…
Score 80/100
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA…
Score 80/100
Use when code changes need review before merge - validates architecture, types, security, and test coverage.
Score 80/100
**WORKFLOW SKILL** — Risk awareness before action. USE FOR: assessing risks (security, data integrity, compatibility, operational, reversibility) of any task at variable depth.
Score 80/100
Scan codebase for security vulnerabilities, hardcoded secrets, injection flaws, misconfigurations, and attack surfaces.
Score 80/100