Set up, run, and interpret Agent Skill evaluations (evals) with the skill-up CLI / 使用 skill-up CLI 给 Agent Skill 搭建和运行评测.
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources.
Vet ClawHub skills for security and utility before installation. Use when considering installing a ClawHub skill, evaluating third-party code, or assessing whether a skill adds…
Static analysis security scanner for third-party OpenClaw skills. Detects eval/spawn risks, malicious dependencies, typosquatting, and prompt injection patterns before…
Secure sanitization system that removes prompt injection attempts from external content, ensuring AI interactions remain safe and controlled.
Perform comprehensive security audits on OpenClaw skills or agents prior to installation, import, activation, or trust.
Audit AI agent skills for security threats before installing them. Detects malicious patterns like remote shell execution, credential fishing, C2 callbacks, and supply chain…
Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them.
Build AI agents with console.agent() - the jQuery of AI Agents. Drop console.agent(...) anywhere in your code for agentic workflows with the simplicity of console.log().
Use when the user mentions a skill or plugin by name, asks "should I install X?", asks "what skills fit this project?", asks to audit installed skills, asks whether a skill is…
Security gate for skills. Every new skill MUST pass SkillScan before use. Activate on any install, load, add, evaluate, or safety question about a skill.
OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs. — from dvcrn/openclaw-skills-marketplace
Run, interpret, or modify Skylos safely. Use when the user asks to scan code with Skylos, explain SKY-* findings, triage dead-code false positives, audit security/secrets/SCA/LLM…
Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials
AI-powered browser automation — navigate sites, fill forms, extract structured data, log in with stored credentials, and build reusable multi-step workflows using natural — from…
AI-powered browser automation — navigate sites, fill forms, extract structured data, log in with stored credentials, and build reusable workflows. — from Skyvern-AI/skyvern
OAuth flows, token management, and security best practices for Slack apps. Use when implementing app distribution, multi-workspace installations, token storage and rotation,…
Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting.
Comprehensive security review framework for AI agents. Covers skill/MCP installation, GitHub repos, URLs/documents, on-chain addresses, products/services, and social shares.
Audit de sécurité de smart contracts Solidity et blockchain. Se déclenche avec "smart contract", "Solidity", "audit blockchain", "vulnérabilité smart contract", "reentran — from…
Blockchain smart contract specialist for Solidity, EVM, security patterns, and gas optimizationUse when "smart contract, solidity, ethereum, evm, contract, web3, gas optimization,…
Prüft Smart Factory: vernetzte Maschinen, Roboterzellen, Datenräume, Security, Produktionsstillstand und Haftungsketten.
Assistant de trading automatisé pour l'analyse de marché, la détection de signaux et l'exécution de stratégies techniques (RSI, MA, Support/Résistance).
Programmatic inbox management for Smartlead. Enable/disable warmup with correct ramp settings, set signatures in bulk, tag inboxes (active vs insurance), and pull inbox health…
Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
Review a GitHub pull request in read-only mode for material bugs, regressions, missing tests, architecture drift, security/privacy risk, performance risk, and merge blockers.
Use Kopia when an agent needs to create, verify, or restore encrypted incremental snapshots across local, NAS, SFTP, WebDAV, or cloud storage targets.
Security-focused PR review for snarkVM codebase. WHEN: User says "review PR", "audit PR", "security review", "check PR changes", or wants thorough analysis of PR changes for…
Share code snippets and files securely via snipit.sh with AES-256 encryption. Use when sharing code, configs, logs, diffs, or secrets with password protection, burn-after-read, or…
Comprehensive security audit with evidence-based findings. Combines deep pattern knowledge with contextual reasoning to eliminate false positives.
Comprehensive Snowflake development assistant covering SQL best practices, data pipeline design (Dynamic Tables, Streams, Tasks, Snowpipe), Cortex AI functions, Cortex Agents,…
Implement Snowflake governance guardrails with network rules, session policies, authentication policies, and automated compliance checks.
Implement Snowflake reliability patterns: replication, failover, Time Travel recovery, and application-level resilience for Snowflake integrations.
Apply Snowflake security best practices: network policies, key rotation, MFA, encryption, and least-privilege access.
Scan your AI agents, MCP servers, and skills for security vulnerabilities from the command line. Snyk Agent Scan discovers and audits every agent component on your machine —…
Compliance expert for snyk-agent-scan — the agent skill file scanner — NOT for other Snyk CLI tools (snyk test, snyk code SAST, snyk iac, snyk container).
Snyk Agent Scan automatically discovers and scans AI agent components including MCP servers, agent skills, and agent harnesses for security vulnerabilities like prompt injections,…
Scans Docker and OCI container images for OS and application vulnerabilities using Snyk Container API.
Scans Docker images for OS and application vulnerabilities using the Snyk Container API. Generates fix PRs with upgraded base images and patched dependency versions.
Audits npm, pip, and Go module dependencies using the Snyk CLI and REST API. Generates SBOM reports and auto-patches known CVEs with version-pinned upgrade recommendations.
Performs deep dependency analysis using the Snyk CLI and REST API to detect vulnerable transitive packages. Generates fix PRs with version pinning and patch recommendations.
Uses Snyk REST API v1 to scan project dependencies for known CVEs and license compliance issues. Integrates with Snyk Test endpoint for real-time SBOM analysis and generates…
Guide pour analyste SOC — triage d'alertes, investigation, SIEM, indicateurs de compromission et playbooks de réponse.
Use when composing an SoC from peripherals and a bus fabric, or when generating device trees, ACPI tables, docs, or pin lists from a hardware description and they keep drifting…
SOC 2 Type II readiness assessment against all five Trust Service Criteria. Evaluates Security controls (CC6/CC7 -- RBAC, access provisioning/removal, network segmentation, TLS…
Soc2 Compliance Checker - Auto-activating skill for Security Advanced. Triggers on: soc2 compliance checker, soc2 compliance checker Part of the Security Advanced skill c — from…
SOC 2 Type I and Type II compliance management. Use when conducting SOC 2 readiness assessments, performing gap analysis against Trust Services Criteria, collecting audit…
When the user needs to prepare for SOC 2, build a compliance roadmap, assess security posture, quantify security risk, or says "we need SOC 2", "security audit", "complia — from…
Guides SOC 2 Type II Privacy Trust Services Criteria preparation and audit execution. Covers AICPA TSP Section 100 Privacy criteria P1-P8 including notice, choice/consent,…
SOC 2 readiness for Rails apps — the 5 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), audit log requirements, access reviews,…
Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
How individuals think about, influence, and relate to one another. Covers conformity (Asch line experiments, informational vs.
Use when targeting 《社会保障评论》(Social Security Studies) or deciding whether a Chinese social-science/econ/management manuscript fits this journal.
Prüft Software-IP, OSS, Datenschutz, Security, Verträge, Kundenlizenzen, Mitarbeiter/Freelancer und technische Schulden im Deal.
Project CodeGuard-based secure-by-default coding rules (23 rule files spanning injection, authentication/MFA, cryptography, secrets, authorization, sessions, cloud/Kubernetes,…
Operate the Solana Attestation Service verification layer vendored under /attestation — create credentials, generate schemas, issue attestations for skills/agents/plugins, verify…
Use when user asks to "build a Solana dapp", "write an Anchor program", "create a token", "debug Solana errors", "set up wallet connection", "test my Solana program", "deploy to…
Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack vectors, performing…
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.