Security standards and checklist enforcing OWASP Top 10, secret management, and input validation. Auto-activates when: API endpoints, authentication, user input handling, data…
Run composable security analysis across binaries, prompts, traces, and policies.
[STUB - Not implemented] Security testing strategies including vulnerability scanning and penetration testing guidance. PROACTIVELY activate for: [TODO: Define on implementation].
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques.
Scans code for security vulnerabilities and unsafe patterns. Use when the user asks about security, mentions OWASP, credentials, secrets, XSS, SQL injection, or wants to audit…
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat mo — from…
Analyze codebase architecture to generate a STRIDE-based threat model with data flow diagrams, trust boundaries, prioritized threats, and mitigations.
Threat modeling for applications and systems: attack surface identification, STRIDE classification, attack trees, and mitigation strategies.
Generate a self-contained HTML dashboard of `` repository statistics for security-team review.
Triage GitHub security advisories for OpenClaw with high-confidence close/keep decisions, exact tag and commit verification, trust-model checks, optional hardening notes, and a…
A system for managing, discovering, and remediating security vulnerabilities. Use this skill when: vulnerability scanning, weakness management, penetration testing, security risk assessment, OWASP compliance, event management…
Use when creating backlog tasks from security findings, integrating security scans into workflow states, or managing security remediation tracking.
Document security research, CTF solutions, and malware analysis. Includes REPORT.md and STATUS.md templates.
Run an OWASP ZAP baseline security scan locally using Docker. Checks for the ZAP baseline script, executes the scan, and summarizes findings by risk level with remediation…
Zero Trust architecture: never trust, always verify; network micro-segmentation, identity-centric approach, and conditional access.
Audit HTTP security headers for any URL and receive a grade (A+ to F) with specific recommendations for missing headers
SecurityTrails integration. Manage data, records, and automate workflows. Use when the user wants to interact with SecurityTrails data.
Automate SecurityTrails tasks via Rube MCP (Composio). Always search tools first for current schemas. — from security/security-misc
Reset the local SQLite DB to sample data and launch the API + Vite dev servers for manual verification.
Out-of-the-box Seedance 2.0 API skill — just one API key to generate AI videos. Builds storyboards, generates reference images with Seedream 4.5, submits video tasks, and polls…
A marketplace connecting AI agents with humans who need tasks completed. Agents earn cryptocurrency (ETH or SOL) for accepted work.
Use when the user is dealing with a leader — a CEO, political figure, boss, business partner, negotiating counterparty — whose self-presentation is larger-than-life in a way that…
Generates production-grade Selenium WebDriver automation scripts and tests in Java, Python, JavaScript, C#, Ruby, or PHP.
Autonomously detect and fix broken dependencies, missing packages, Docker issues, Playwright, WhatsApp auth, TypeScript build failures, and SQLite corruption.
Runs Semgrep against a codebase using official or custom rule registries and outputs a grouped report of security anti-patterns, deprecated API usage, and policy violations.
Builds custom Semgrep rules using the semgrep YAML rule syntax with metavariable-pattern, pattern-either, and taint-mode analysis.
Creates custom Semgrep SAST rules using the semgrep CLI and rule schema YAML format. Supports pattern-either, metavariable-regex, and taint-mode tracking for detecting…
Writes and deploys custom Semgrep rules using pattern, pattern-either, and metavariable-regex operators for multi-language SAST scanning.
Leverages the Semgrep OSS engine and semgrep-rules registry to perform deep static analysis across 30+ languages.
Executes Semgrep CLI with custom YAML rules and the Semgrep Registry API to detect anti-patterns, vulnerabilities, and taint tracking violations.
Generates custom Semgrep rules from natural language descriptions of vulnerability patterns. Uses semgrep --validate to verify rule syntax and semgrep --test to run against sample…
Executes Semgrep static analysis using the semgrep CLI with custom YAML rule definitions. Supports taint tracking, metavariable comparisons, and pattern-not-inside exclusions for…
Use this agent when you need deterministic static analysis security scanning using semgrep. This agent complements security-sentinel by running rule-based pattern matching to…
Runs Semgrep static analysis with custom rule packs targeting OWASP Top 10 patterns. Uses semgrep CLI with --config=auto and --sarif output for GitHub Advanced Security…
Run Semgrep SAST analysis for security and code quality
Performs SAST scanning using Semgrep CLI and Semgrep Registry rules. Detects OWASP Top 10 vulnerabilities, injection flaws, and insecure patterns with custom rule YAML authoring.
Scan codebases for security vulnerabilities and anti-patterns using Semgrep OSS rules and the Semgrep CLI. Supports custom YAML rule authoring and SARIF output for CI integration.
Runs Semgrep code and supply-chain checks with `semgrep scan`, registry rule packs, and dependency-aware findings to surface risky patterns early.
Send cross-chain crypto payments via Rozo API. Handles USDC and USDT payouts across EVM chains (Ethereum, Arbitrum, Base, BSC, Polygon), Solana, and Stellar.
Senhasegura PAM platform integration — A2A OAuth 2.0, PAM Core credentials, SSH key rotation, DSM CLI for CI/CD, External Secrets Operator (Kubernetes), MySafe, and a runnable MCP…
Comprehensive backend development skill for building scalable backend systems using NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs.
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices.
Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing.
Semantic security scanner for OpenClaw skills. Detects prompt injection, data exfiltration, and hidden instructions that traditional code scanners miss.
Rosetta CRITICAL MUST skill. MUST activate when you suspect, there is a slight chance, encounter, read, process, or are about to output any sensitive or possibly sensitive data…
Static security analysis agent. Hardcoded secret detection, SQL injection prevention, input validation, security headers, and dependency CVE scanning.
Runtime security layer for OpenClaw agents. Intercepts and scans all external input (emails, API responses, web content, chat messages, calendar events) for prompt injection, data…
Configure Sentry security settings and data protection. Use when setting up PII scrubbing, managing sensitive data, configuring data scrubbing rules, or hardening Sentry for…
Guidelines for developing with Sequelize, a promise-based Node.js ORM supporting PostgreSQL, MySQL, MariaDB, SQLite, and SQL Server
Secure SerpApi API keys and prevent credit abuse. Use when storing API keys, implementing backend proxies, or auditing SerpApi access patterns.
Servd (servd.host) — Craft-specialised managed hosting for Craft CMS. Covers git push-to-deploy with the optional servd.yaml build config, local → staging → production…
Use when designing or reviewing Server Actions: the 'use server' directive contract, how a server-side function becomes invokable from the browser without an API route, form…
Comprehensive health check of the newna.ai VPS. Checks PM2, Docker, nginx, SSL, databases, disk, firewall, backups, and system resources.
OWASP Serverless Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in serverless application environments.
Use when designing credential rotation for integration users, connected apps, named credentials, and OAuth client secrets in Salesforce.
Session Security Checker - Auto-activating skill for Security Fundamentals. Triggers on: session security checker, session security checker. Part of the Security Fundamentals skill…
Apply task-specific templates to AI session plans using ai-update-plan. Use when starting a new task to load appropriate plan structure (feature, bugfix, refactor, documentation,…