Claude Code Skills · Claude Skills · The open SKILL.md registry for Claude
Claude Security Skills (Page 75 of 105)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,245 skills · updated 2026-06-17 · showing 4441–4500 of 6,245 by quality score

Sub-topics: Web Security (756) · Threat Hunting (478) · Red Team (457) · Identity Access (330) · Network Security (284) · Appsec Tools (282) · Compliance (159) · Forensics (140)

Self code review step in the TCR workflow. Runs after each micro-step is completed and before commit, checking code quality, security, and design issues.
Adversarial TDD mode with Attacker/Defender agents. Attacker writes tests to break the system, Defender writes minimal code to pass.
Roo Code's Bedrock provider silently disables caching for custom ARNs. Populate cachableFields to fix.
RouterOS firewall filter, NAT, mangle, and address-list configuration. Use when: writing firewall rules in RouterOS, configuring NAT, setting up address-lists or interface-lists,…
RouterOS packet capture and TZSP streaming for protocol debugging. Use when: capturing packets on RouterOS, setting up /tool/sniffer, streaming live traffic via TZSP, using…
Cross-chain crypto payments and bridging via Rozo. Send USDC/USDT across Ethereum, Base, BNB Chain, Solana, and Stellar.
Authenticate and manage Redpanda Cloud from the CLI using the `rpk cloud` command group. Covers login (SSO browser flow and client credentials), logout, cloud auth management…
Use ai-runbooks to give AI assistants role-specific SOC personas, investigation steps, and incident-response procedures for structured security triage.
Runs checklists for AIEWF 2024 eval and LLM ops talks — domain eval ladders, LLM judges, enterprise deploy, Zapier+Braintrust loops, GenAI maturity before fine-tune.
Analyze a web app's source code, execute real exploit attempts against the running target, and return proof-backed findings before release.
Install SecOpsAgentKit when a Claude Code session needs repeatable security review skills for SAST, DAST, container scanning, secrets checks, policy review, and remediation…
Use CAI to run research and bug-bounty-oriented security agents with model routing, tool integrations, tracing, MCP support, and human oversight.
Use a practical OpenClaw operations runbook to stabilize long-running deployments, tune coordinator and worker patterns, and apply reusable prompt templates for monitoring,…
Build, launch, and drive the KFS (Kharon Fire & Security) Astro app locally — run the dev server, screenshot the public website, and drive the portal through a real authenticated…
Use curated Trail of Bits security skills inside Claude Code when the job is auditing, variant hunting, or fix verification rather than generic coding assistance.
Generic CI environment rules for GitHub Actions workflows. Use when operating in CI — covers security, CI monitoring, comment formatting, and investigating session logs from other…
Principal Runtime & Deployment Engineer. Analyzes containerization, orchestration, environment configuration, resource allocation, startup sequences, health probes, deployment…
Runway security basics — AI video generation and creative AI platform. Use when working with Runway for video generation, image editing, or creative AI.
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC…
Use when designing Rust CLIs backed by SQLite with migrations, transactions, tests, and data safety. Triggers:
World-class expertise in tokenizing real-world assets with regulatory compliance. Use when "tokenize real estate, tokenize real world assets, RWA tokenization, security token, STO,…
Defensive Mythos-style security review for diffs, PRs, and sensitive code. Use for: /rldyour-security:ry-sec-review, check security, security review, check authorization…
Create Goods Receipts (Material Documents) in SAP S/4HANA Cloud Public or on-prem private edition via OData V2 A_MaterialDocumentHeader deep-insert at API_MATERIAL_DOCUMENT_SRV.
Create supplier (AP) invoices in SAP S/4HANA Cloud Public or on-prem private edition via the SOAP A2X "Supplier Invoice ERP Create Request" service.
Create purchase orders (POs) in SAP S/4HANA Cloud Public or on-prem private edition via the OData V2 A_PurchaseOrder deep-insert at API_PURCHASEORDER_PROCESS_SRV.
Update existing records in SAP S/4HANA Cloud Public or on-prem private edition via OData V2 PATCH. Use whenever the user wants to update, change, edit, modify, patch, set, rename,…
Activate SecurityAudit WHENEVER the user wants to verify the security of a skill before installing it.
Activate SecurityAudit WHENEVER the user wants to verify the security of a skill before installing it.
Pre-launch verification across infrastructure, security, legal, payment, email, analytics, and performance.
Design and implement multi-tenant SaaS architectures with row-level security, tenant-scoped queries, shared-schema isolation, and safe cross-tenant admin patterns in PostgreSQL…
Payment provider abstraction, webhook security, subscription lifecycle, dunning flows, pricing models, invoicing, tax handling, and refund patterns for SaaS applications.
Security checklist specifically for SaaS applications built with Next.js, Supabase, and Stripe. Covers authentication hardening, Row Level Security, Stripe webhook verification,…
Plain legal language: translating complex petitions, rulings, and contracts into plain Turkish that the client can understand; summarizing while preserving legal accuracy, explaining terms, and informational text…
Scan inputs for prompt injection, unsafe content, and adversarial attacks using AIDefence.
Safety hooks for Claude Code — 695 pre-built hooks that prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions.
Sage theme with Acorn (Laravel IoC for WordPress) and Lando — lando start, lando info, lando acorn, Service Providers, View Composers, Blade components, ACF Composer blocks and…
Apply Salesforce security best practices for Connected Apps, OAuth, and field-level security. Use when securing API credentials, implementing least privilege access, or auditing…
Secure SalesLoft OAuth tokens, API keys, and webhook signatures. Use when implementing token rotation, securing webhook endpoints, or auditing SalesLoft API access controls.
Add 8 security governance layers to your OpenClaw agent — budget controls, permissions, audit logging, kill switch, identity signing, skill vetting, process isolation, and gateway…
Use when screening a counterparty, transaction, or asset against EU restrictive measures (sanctions).
Configure Claude Code sandbox security with file system and network isolation boundaries — from security/security-misc
Detect VM/sandbox escape vulnerabilities in packages using node:vm, simpleeval, or custom sandboxes that can be bypassed to achieve code execution.
Wrap the current audit agent session inside the Anthropic Sandbox Runtime (srt) before starting any security audit.
Redaction-only subagent for pf-ethnographer. Accepts raw observed behavior and interpretation reports from the Ethnographer, applies aggressive PII and sensitive-data redaction…
Advanced input validation and sanitization using Zod. Use to prevent XSS and ensure data integrity before sending to Appwrite.
Design production-ready software products following senior architect principles - from requirements to deployment architecture.
On-chain memory subsystem for SAP SDK v0.15.0. Use when: init vault, open session, inscribe encrypted memory, delegated inscription, epoch pagination, ledger init/write/seal,…
Source code vulnerability hunting (SAST). Decomposes analysis into specialized passes: map entry points, map dangerous ops, trace flows, find gaps, adversarial validation,…
Perform codebase analysis and architecture mapping as the first phase of a security assessment. Explores the tech stack, frameworks, entry points, data flows, and trust…
Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools.
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2)…
Detect business logic vulnerabilities in a codebase using a three-phase approach: threat modeling (domain analysis and attack scenarios), batched verify (check exploitable gaps in…
Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code.
Detect insecure file upload vulnerabilities in a codebase using a three-phase approach: discovery (find all upload sites), batched verify (check extension bypass and related…
Detect GraphQL injection vulnerabilities in a codebase using a three-phase approach: recon (confirm GraphQL usage and find unsafe operation document assembly sites), batched…
Detect hardcoded sensitive data (API keys, access tokens, private keys, passwords, etc.) in publicly accessible code — frontend JavaScript, mobile apps, client-side bundles, and…
Multi-language static application security testing using Horusec with support for 18+ programming languages and 20+ security analysis tools.
Detect Insecure Direct Object Reference (IDOR) vulnerabilities in a codebase using a three-phase approach: recon (find candidates), batched verify (check authorization in parallel…
Detect insecure JWT (JSON Web Token) implementations in a codebase using a two-phase approach: first map all JWT issuance and verification sites to understand the token lifecycle…