Generate a Supabase Row-Level-Security policy bundle from an access-model description. Outputs SQL + test queries + admin-impersonation patterns.
Use when the user asks to triage their RocketCyber managed SOC, see what broke across clients overnight, rank devices at risk in Defender, compute incident MTTR for a QBR, trend…
Adversarial cross-family review of baton artifacts, PRs, and governance docs. Dispatches a non-Anthropic fleet model (cross-family invariant) and returns structured findings with…
Every Rootly incident, alert, and on-call object as a typed command, with a local SQLite mirror for offline analytics.
Use for tightly scoped Kerberos ticket and account validation during authorized pentests. Trigger on approved ticket analysis, Kerberos exposure review, and proving whether a…
Use when the user asks to inventory their runZero attack surface, triage which assets are most exposed, see what changed since the last sync, trace which assets a CVE affects,…
Run a full security-in-depth audit including OWASP Top 10, dependency analysis, and defense-in-depth review. Use for security audit, pentest review, or vulnerability assessment.
Find the newest version of a package that is free of known vulnerabilities, capped by a `--max-major-bump` policy.
**WORKFLOW SKILL** — Risk awareness before action. USE FOR: assessing risks (security, data integrity, compatibility, operational, reversibility) of any task at variable depth.
Static application security testing (SAST) for changed source files — Vulnetix''s built-in rule set plus optional Semgrep augmentation when `.semgrep` config is present.
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF,…
Hardcoded-secret detection — AWS keys, GitHub PATs, Slack tokens, Stripe keys, generic high-entropy strings. Pre-commit (`--staged-only`), explicit paths, or full repo.
Use this skill when the user reports API authentication or missing credential issues in an aide-managed project, or when you observe authentication failures (401, 403, missing API…
Proactive secure-coding coach scoped to the file or topic you are working on — surfaces relevant SAST rule IDs, CWE patterns, language-specific PASS/FAIL code snippets.
Triage a security scanner's multi-finding output (read via a pluggable scan-format adapter) and turn findings into security work only after a complete operator-reviewed triage.
Security-focused code review that emits a numeric composite score (0.0–1.0) suitable for the evolve-loop Builder self-review convergence loop
Quy tắc raw bắt buộc khi Claude Code thiết kế, viết, review hoặc kiểm thử bảo mật production cho frontend, backend, API, config, dependency và vận hành.
Scan codebase for security vulnerabilities, hardcoded secrets, injection flaws, misconfigurations, and attack surfaces.
Bootstrap OSS community health files — CONTRIBUTING.md, LICENSE, SECURITY.md, CODE_OF_CONDUCT.md, README sections (Getting Started, Badges), .github/PULL_REQUEST_TEMPLATE.md,…
Seed the SQLite database with project data from seed.json. Use 'reset' argument to drop and recreate tables first.
Use when the user asks to triage SentinelOne threats across client sites, trace a threat's blast radius, find dark/stale/under-protected agents, check protection-coverage gaps,…
Analyzes session and cookie security, including flags, expiration, fixation, and storage. Use when auditing session management and cookie configuration.
Use when the user asks to reconcile Sherweb billing, compute net margin per customer (receivable minus payable), find orphaned or under-billed subscriptions, catch metered usage…
Power-user shortcut to list WP Umbrella sites with an optional filter. Invoke as /umbrella:sites [filter].
Syncs skills across AI CLI tools (Claude, Cursor, Windsurf, etc.) from a single source of truth. Global mode (~/.config/skillshare/) and project mode (.skillshare/ per-repo).
Use when the user asks to audit SkyKick Cloud Backup across customers - which Microsoft 365 tenants have a backup gap, which mailboxes silently stopped snapshotting, what's…
SOC daily-pull triage feed — Vulnetix''s score-driven queue cross-referenced with installed dependencies.
Final code review and quality gate — run tests, check coverage, audit security, verify acceptance criteria from spec, and generate ship-ready report.
Soroban smart contract development on Stellar (Rust SDK). Covers project setup, contract structure, storage types, authorization, cross-contract calls, events, error handling,…
Analyze a CycloneDX/SPDX SBOM file using sbomr. Use when asked to inspect, summarize, or query an SBOM file — e.g.
Use when: performing code review, pull request review, security review, designing, implementing, or testing SSRF fixes, outbound HTTP requests, outbound fetch helpers,…
Scaffold and build AI agents using the Strands Agents SDK with Bedrock AgentCore. Use when creating new agent projects, building greenfield AgentCore applications, prototyping…
Use when analyzing a subscription or recurring-revenue business (news site, paywall publisher, SaaS-light, membership platform, e-commerce with subscription tier) for monetization…
Use when the user asks to triage a SuperOps queue, see who's about to breach SLA, pull a client 360 before a QBR, find at-risk assets (unpatched and actively alerting), check…
Reviews AI/ML model supply chains for security risks including model provenance verification, training data lineage, fine-tuning pipeline integrity, inference dependency review,…
Expert SurrealDB 3 skill. Use when working with SurrealDB, SurrealQL queries, multi-model data modeling (document, graph, vector, time-series, geospatial), schema design, graph…
Use this skill when investigating a runtime threat detected by Sysdig end-to-end. Surfaces the highest-priority threat, scores vulnerability vs runtime correlations on a 1-5…
Use when the user asks to check Tactical RMM fleet health, triage the agents that need attention first, sweep patch posture across every client, find agents that have gone dark,…
Orchestrate the polish team: coordinates performance-analyst, security-engineer, accessibility-specialist, and qa-tester to optimize, harden, and polish a feature for release…
Launches pre-configured multi-agent teams for code review, debugging, feature development, security audits, and database migrations.
Inspects the OrchestKit telemetry pipeline for the current project — lists all known telemetry files with write counts, sizes, schema status, growth trend, and orphan detection.
Knowledge router AND interactive teacher across every book-derived skill in this project. Two modes — (1) **ask**: auto-discovers all domain skills (finance, vuln hunting, AI…
Daily threat-intel digest — AI-discovered vulnerabilities, AI-in-the-wild exploitation observations, AI-authored malware families, exploit-trends rollup, vendor-trends…
Use when the user asks to triage ThreatLocker application approvals across tenants, approve a file hash everywhere it's pending, export or check retention on the Unified Audit…
Allowlist/denylist for AI agent tool calls with approval gates for destructive operations. Define which tools the agent can use freely, which require confirmation, and which are…
Typosquat and malicious-package detection across installed dependencies (or a single prospective addition) — cross-checks AI-malware family intelligence, package-name similarity…
Drafts a second-line UDAAP review memo for a product, feature, fee, disclosure or customer-experience flow, marketing motion, complaint pattern, or enforcement theme.
Use when: reviewing, designing, implementing, or testing security-sensitive Unicode text handling, UTF-8 decoding, invalid byte sequences, overlong encodings, surrogate handling,…
Verify code-review or security-review findings for false positives using deep codebase tracing, framework-aware analysis, and web research.
Post-fix verification — re-scan the repo, gate on `--exploits weaponized --severity high`, recheck the specific CVE against the new installed version, write the verdict to…
Inspect and validate Vertex AI Agent Engine deployments including Code Execution Sandbox, Memory Bank, A2A protocol compliance, and security posture.
Generate OpenVEX / CycloneDX VEX attestations from `.vulnetix/memory.yaml` triage decisions, optionally sign with cosign, optionally upload to Vulnetix and post to a GitHub PR.
Use when: performing defensive web application security review, web-app vulnerability triage, web-app threat-model review, or validation of web-app security fixes.
Launch a comprehensive website audit. Specify a URL or audit the current codebase. Optionally specify categories: seo, accessibility, performance, security, mobile, content,…
Sovereign-grade safety OS for AI coding agents. 45 hooks, 3,440 skills, L1 memory, circuit breakers, and cross-engine enforcement — blocks rm -rf, force push, pipe-to-shell, and…
Verifies financial data against source documents, bank statements, contracts
Vehicle cybersecurity engineering per ISO/SAE 21434
Advanced binary exploitation and mitigation bypass
Web application security testing with Burp Suite integration
This skill should be used when the user says "configure hooks", "set up quality gates", "add PostToolUse hook", "set up permission hooks", "create hook configuration", "add…