Implement secure data handling on Replit: PostgreSQL, KV Database, Object Storage, and data security patterns.
Score 70/100
Configure Replit Teams roles, SSO/SAML, custom groups, and organization-level access control. Use when setting up team permissions, configuring SSO, managing deployment access, or…
Score 70/100
Enforce security and resource policies for Replit-hosted apps: secrets exposure prevention, resource limits, deployment visibility, and database access controls.
Score 70/100
Apply Replit security best practices: Secrets management, REPL_IDENTITY tokens, Auth headers, and public Repl safety.
Score 70/100
Pre-clone security scanner — detect malicious hooks, poisoned MCP configs, credential-harvesting patterns before Claude Code processes repos
Score 70/100
Security audit for GitHub repositories before installation. Use when user wants to check if a repo/app is safe to install, review install scripts for malicious code, verify an…
Score 70/100
Repomix packs an entire code repository into a single AI-friendly file optimized for LLM consumption.
Score 70/100
Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing.
Score 70/100
Take a suspected injectable request, replay it on an authorized target, confirm the finding, and enumerate reachable database actions before manual follow-up.
Score 70/100
Analyze and guide security incident response, investigation, and remediation processes. Use when you need to handle security breaches, classify incidents, develop response…
Score 70/100
Restic is a fast, secure, and efficient backup program supporting local, SFTP, S3, Azure, GCS, and many other storage backends.
Score 70/100
Retell AI security basics — AI voice agent and phone call automation. Use when working with Retell AI for voice agents, phone calls, or telephony.
Score 70/100
Audit retirement planning software for projection model accuracy, asset allocation by age, Social Security optimization, tax-advantaged account strategy, withdrawal sequencing…
Score 70/100
Automated reverse-engineering pipeline for Android APKs (Flutter and native). Runs a preflight check of the tools, pulls the app from the device with adb, detects whether it is Flutter or native, launches the…
Score 70/100
Analyze YOU — not your content, but your unique knowledge intersections, unexploited strengths, hidden expertise, and personal competitive moat. Content-dna analyzes your output.
Score 70/100
Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify
Score 70/100
Reverse engineers .NET malware using dnSpy decompiler and debugger to analyze C#/VB.NET source code, identify
Score 70/100
Reverse engineers malware binaries using NSA's Ghidra disassembler and decompiler to understand internal logic,
Score 70/100
Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and
Score 70/100
Reverse engineer Rust-compiled malware using IDA Pro and Ghidra with techniques for handling non-null-terminated
Score 70/100
Configure human-in-the-loop gating for AI agent review actions in Claude Code. Use when setting up a project where an agent may post PR reviews, comments, merges, or edit CI…
Score 70/100
Comprehensive pre-release review pipeline. Runs /review-health, /review-arch, /review-security, /review-perf, /review-a11y, /review-test, /review-doc, and /review-release in…
Score 70/100
Use for security review of dependency updates — bumps, upgrades, or new dependencies.
Score 70/100
Sets the reviewer persona for all code review, security review, and /simplify agents. Default mood: strict. Persists for the session until changed.
Score 70/100
White-box security audit. Blue-teamer and lead red-teamer run in parallel isolation for an independent first pass — neither sees the other's output during reconnaissance.
Score 70/100
5-agent parallel review gate using agent teams. Spawns Goal Verification, QA Execution, Code Quality, Security Audit, and Context Mining teammates. ALL must pass.
Score 70/100
Automated code review and security linting integration for CI/CD pipelines using reviewdog. Aggregates findings from multiple security and quality tools (SAST, linters,…
Score 70/100
Run a layered quality gate over a code change — code quality, security audit, and architecture consistency, in that order.
Score 70/100
Develop comprehensive risk management plans for collections and cultural venues including disaster preparedness, security protocols, and insurance coordination
Score 70/100
Audit risk simulation and decision support systems for Monte Carlo modeling quality, wargaming analysis, threat assessment, mission planning support, and course-of-action decision…
Score 70/100
RouterOS packet capture and TZSP streaming for protocol debugging. Use when: capturing packets on RouterOS, setting up /tool/sniffer, streaming live traffic via TZSP, using…
Score 70/100
Use ai-runbooks to give AI assistants role-specific SOC personas, investigation steps, and incident-response procedures for structured security triage.
Score 70/100
Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.
Score 70/100
Use a practical OpenClaw operations runbook to stabilize long-running deployments, tune coordinator and worker patterns, and apply reusable prompt templates for monitoring,…
Score 70/100
Use curated Trail of Bits security skills inside Claude Code when the job is auditing, variant hunting, or fix verification rather than generic coding assistance.
Score 70/100
Runway security basics — AI video generation and creative AI platform. Use when working with Runway for video generation, image editing, or creative AI.
Score 70/100
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC…
Score 70/100
Design and implement multi-tenant SaaS architectures with row-level security, tenant-scoped queries, shared-schema isolation, and safe cross-tenant admin patterns in PostgreSQL…
Score 70/100
Scan inputs for prompt injection, unsafe content, and adversarial attacks using AIDefence
Score 70/100
Apply Salesforce security best practices for Connected Apps, OAuth, and field-level security. Use when securing API credentials, implementing least privilege access, or auditing…
Score 70/100
Secure SalesLoft OAuth tokens, API keys, and webhook signatures. Use when implementing token rotation, securing webhook endpoints, or auditing SalesLoft API access controls.
Score 70/100
Configure Claude Code sandbox security with file system and network isolation boundaries
Score 70/100
Perform codebase analysis and architecture mapping as the first phase of a security assessment. Explores the tech stack, frameworks, entry points, data flows, and trust…
Score 70/100
Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools.
Score 70/100
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2)…
Score 70/100
Detect business logic vulnerabilities in a codebase using a three-phase approach: threat modeling (domain analysis and attack scenarios), batched verify (check exploitable gaps in…
Score 70/100
Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.
Score 70/100
Detect insecure file upload vulnerabilities in a codebase using a three-phase approach: discovery (find all upload sites), batched verify (check extension bypass and related…
Score 70/100
Detect GraphQL injection vulnerabilities in a codebase using a three-phase approach: recon (confirm GraphQL usage and find unsafe operation document assembly sites), batched…
Score 70/100
Detect hardcoded sensitive data (API keys, access tokens, private keys, passwords, etc.) in publicly accessible code — frontend JavaScript, mobile apps, client-side bundles, and…
Score 70/100
Multi-language static application security testing using Horusec with support for 18+ programming languages and 20+ security analysis tools.
Score 70/100
Detect Insecure Direct Object Reference (IDOR) vulnerabilities in a codebase using a three-phase approach: recon (find candidates), batched verify (check authorization in parallel…
Score 70/100
Detect insecure JWT (JSON Web Token) implementations in a codebase using a two-phase approach: first map all JWT issuance and verification sites to understand the token lifecycle…
Score 70/100
Detect missing authentication and broken function-level authorization vulnerabilities in a codebase using a three-phase approach: recon (map endpoints and the role/permission…
Score 70/100
Detect path traversal vulnerabilities in a codebase using a three-phase approach: recon (find file-loading sinks with dynamic paths), batched verify (trace user input and…
Score 70/100
Runs static application security testing using Semgrep rules and CodeQL queries against pull request diffs.
Score 70/100
Detect Remote Code Execution (RCE) vulnerabilities in a codebase using a three-phase approach: recon (find dangerous execution sinks), batched verify (trace user input to sinks in…
Score 70/100
Consolidate all SAST vulnerability results from the sast/ folder into a single final report ranked by severity and confidentiality impact.
Score 70/100
Compiles and validates custom Semgrep SAST rules using the semgrep-core engine. Tests pattern matching against sample codebases and generates rule performance benchmarks with p/ci…
Score 70/100
Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping.
Score 70/100