Scans container images, IaC templates, and SBOM artifacts using Aqua Trivy CLI. Generates CycloneDX and SPDX reports with CVE severity filtering for CI/CD gates.
Find, verify, and analyze leaked credentials across Git repositories, Slack, Jira, Docker images, and more using TruffleHog.
Analyze raw T-SQL source code for anti-patterns, security risks, and static performance smells. Applies 50 checks (T1–T50) across structural, correctness, security, deprecated…
Parse Windows event logs into fast timelines and detection-rich outputs so agents can triage suspicious host activity, search for known patterns, and hand investigators reviewable…
Security best practices for TwinMind: on-device audio processing, encrypted cloud backups, microphone permissions, and data privacy controls.
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin.
Review Apple text code for correctness, performance, and modernization risk in a single pass with severity-ranked findings.
Handle bidirectional text, right-to-left languages, mixed Arabic/Hebrew/Latin content, writing-direction APIs at every layer, and cursor/selection behavior in bidi text.
Pick text colors that adapt to dark mode, vibrancy, and accessibility settings across UIKit, AppKit, and SwiftUI — semantic label colors, AppKit's textColor vs labelColor split,…
Use Core Text directly — CTLine, CTRun, CTFramesetter, CTTypesetter, CTFont, CTRunDelegate — for glyph-level access, custom typesetting, hit testing outside a text container, font…
Measure rendered size of strings and attributed strings, size views to fit text content, and read per-line metrics from NSLayoutManager and NSTextLayoutManager.
Integrate Writing Tools into UITextView, NSTextView, custom UITextInput views, or fully custom editors via UIWritingToolsCoordinator.
Provides security review capability for TypeScript/Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure.
Ubiq Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ubiq Security data.
Pre-delivery quality audit — Anti-Pattern + Coverage Gap + Wiring + E2E + Performance + Security. Writes .ultra/test-report.json; no state.db writes.
Provides patterns for unit testing Spring Security with `@PreAuthorize`, `@Secured`, `@RolesAllowed`. Validates role-based access control and authorization policies.
Submit URLs for automated malware and phishing analysis, then retrieve safety verdicts and screenshots via urlscan.io
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) expert. Deep knowledge of California Civil Code §1798.100 et seq., CPRA-amended applicability…
US Export Controls expert covering ITAR and EAR. Provides comprehensive guidance on defense articles (USML), dual-use commercial items (CCL), jurisdiction determination, FIPS…
FINRA Broker-Dealer Cybersecurity Guidance expert. Stub-depth framework plugin that routes to the SCF crosswalk.
HIPAA Security Rule expert for US healthcare compliance. Deep knowledge of 45 CFR Part 164 Subpart C, Administrative/Physical/Technical Safeguards, Required vs Addressable…
Sarbanes-Oxley Act of 2002 (SOX) expert for ICFR-relevant IT and security work. Deep knowledge of 15 U.S.C.
Use at the start of any session — establishes the cognitive contract that pandastack skills must be checked BEFORE any response or action, including clarifying questions.
usql is a universal command-line interface for SQL databases including PostgreSQL, MySQL, SQLite, Oracle, SQL Server, and dozens more.
Prepare Kubernetes environment infrastructure by generating K8s manifests for all 3rd party supporting applications for a single target environment defined in CLAUDE.md.
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns.
15-agent hierarchical mesh coordination for v3 implementation. Orchestrates parallel execution across security, core, and integration domains following 10 ADRs with 14-week…
Audit an existing Sim webhook trigger against the service's webhook API docs and repository conventions, then report and fix issues across trigger definitions, provider handler,…
Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows.
Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing.
Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations.
Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security…
Secure environment variable management with Varlock. Use when handling secrets, API keys, credentials, or any sensitive configuration.
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on…
Apply Vast.ai security best practices for API keys and instance access. Use when securing API keys, hardening SSH access to GPU instances, or auditing Vast.ai security…
Manages secret lifecycle through the HashiCorp Vault HTTP API v1. Rotates database credentials via Vault dynamic secrets engine and syncs to Kubernetes via External Secrets…
Verifies encryption workflows with HashiCorp Vault Transit endpoints like `/encrypt`, `/decrypt`, and `/rewrap`, plus key metadata inspection.
Mutation-driven test vector generation. Finds implementations of a cryptographic algorithm or protocol, runs mutation testing to identify escaped mutants, then generates new test…
Veeva Vault security basics for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva security basics".
Use when the user wants to inspect company or customer data that lives behind Velen, resolve org or source context, validate or execute ad hoc read-only SQL against a…
Vendasta integration. Manage data, records, and automate workflows. Use when the user wants to interact with Vendasta data.
Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance,…
Analyze vendor management systems for performance scorecards, third-party risk assessment, SLA enforcement, vendor rationalization, and relationship governance.
Use Venice as a pay-per-call JSON-RPC proxy to 20+ EVM and Starknet networks. Covers GET /crypto/rpc/networks, POST /crypto/rpc/{network}, the 1×/2×/4× method-tier pricing model,…
Apply Vercel security best practices for secrets, headers, and access control. Use when securing API keys, configuring security headers, or auditing Vercel security configuration.
Very Good Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Very Good Security data.
Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more.
Detection Engineering agent. Designs Sigma/YARA rules, maps detection coverage, designs threat hunting hypotheses, executes Purple Team Blue side, and integrates Detection-as-Code…
Check file hashes, URLs, domains, and IP addresses against 70+ antivirus engines and threat intelligence feeds via VirusTotal
Designing and debugging Visualforce pages: standard/custom controllers, view state management, CSRF and SOQL injection security, PDF rendering, Visualforce email templates.
Vocabulary learning strategies and retention science for any language -- frequency-based word selection, spaced repetition systems (Ebbinghaus forgetting curve, Leitner system,…
Analyze volunteer management platforms for skill-based matching algorithms, shift scheduling optimization, availability tracking, and retention analysis.
Realiza auditoria de segurança completa em VPS Linux: análise de portas expostas, configuração SSH, vulnerabilidades em containers Docker, usuários do sistema, permissões, logs de…
Look up a vulnerability by ID or list all vulnerabilities for a package
Composes multi-step exploit chains by correlating vulnerabilities across domains, calculates real impact of chained findings, generates end-to-end PoC scripts, and produces bug…
Analyze dependency or ecosystem risk and produce remediation and advisory packets.
Analyse et évalue les vulnérabilités d'un système ou d'une application. À utiliser pour comprendre et prioriser les vulnérabilités.
Vulnerability Report Generator - Auto-activating skill for Security Advanced. Triggers on: vulnerability report generator, vulnerability report generator Part of the Security…