Provides patterns for unit testing Spring Security with `@PreAuthorize`, `@Secured`, `@RolesAllowed`. Validates role-based access control and authorization policies.
Prüft die Einhaltung der Preisangabenverordnung 2022 (PAngV) bei Gesamtpreisen, Grundpreisen, Streichpreisen und Versandkosten, insbesondere die 30-Tage-Niedrigstpreisreg — from…
Deletes or archives secrets in 1Password using the op CLI. Use when the user needs to permanently remove items, archive deprecated credentials, or clean up unused secrets from…
Audit toolkit health, freshness, security, standards. Keywords: updater, audit, outdated, stale, security, OWASP, refresh, check links, standards, compliance
Rebuilds self-extracting stub binaries after triggering curl update. Bumps stubs/binpress/node-smol caches. Use when stub binaries need refresh or after curl security patches.
Markiert Upstream Loan, Upstream Security, Upstream Guarantee, Financial Assistance, Kapitalerhaltung, Corporate Benefit und Organpflichten.
Submit URLs for automated malware and phishing analysis, then retrieve safety verdicts and screenshots via urlscan.io
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) expert. Deep knowledge of California Civil Code §1798.100 et seq., CPRA-amended applicabil — from…
US Export Controls expert covering ITAR and EAR. Provides comprehensive guidance on defense articles (USML), dual-use commercial items (CCL), jurisdiction determination, FIPS…
FINRA Broker-Dealer Cybersecurity Guidance expert. Stub-depth framework plugin that routes to the SCF crosswalk.
HIPAA Security Rule expert for US healthcare compliance. Deep knowledge of 45 CFR Part 164 Subpart C, Administrative/Physical/Technical Safeguards, Required vs Addressable…
Sarbanes-Oxley Act of 2002 (SOX) expert for ICFR-relevant IT and security work. Deep knowledge of 15 U.S.C.
Use when targeting USENIX Security Symposium (USENIX Security) or deciding whether a computer-science manuscript fits this venue.
Configura el perfil del usuario y establece reglas de interacción para el agente. USA esta skill cuando el usuario mencione 'configurar', 'setup', 'perfil', 'reglas', o cuando el…
Dual-mode skill for github.com/LerianStudio/lib-commons v5, Lerian's shared Go library — the non-observability surface.
Dual-mode skill for github.com/LerianStudio/lib-observability v1.0.0, Lerian's OpenTelemetry foundation.
Use at the start of any session — establishes the cognitive contract that pandastack skills must be checked BEFORE any response or action, including clarifying questions.
Use when the user wants to run ad-hoc SQL against a database from the shell - postgres, mysql, sqlite, mssql, oracle, snowflake, bigquery, redshift, cockroachdb, clickhouse,…
usql is a universal command-line interface for SQL databases including PostgreSQL, MySQL, SQLite, Oracle, SQL Server, and dozens more.
Prepare Kubernetes environment infrastructure by generating K8s manifests for all 3rd party supporting applications for a single target environment defined in CLAUDE.md.
Use after execute to attack the change and demonstrate how it's broken. Default stance — the change is broken; prove and demonstrate it.
Review UI/UX for Safe OpenSig, a verification tool that helps enterprise Safe signers eliminate blind signing by showing the real intent of transactions through simulation before…
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns.
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns.
15-agent hierarchical mesh coordination for v3 implementation. Orchestrates parallel execution across security, core, and integration domains following 10 ADRs with 14-week…
Checks if a POC provided by some JS and d8 flags is a vulnerability or just a regular bug.
Guides the initial analysis and impact assessment of a V8 security report, strictly excluding implementation or fixing.
Validate that a branch or pull request implementation matches introduced product, technical, security, and related specs.
Deployment validation pipeline — 4 fasi (static, security, smoke, score). Valida un deploy Vercel (preview o production) con TypeScript, ESLint, Jest coverage su file toccati,…
Validate a brand profile end-to-end — required fields, voice/audience completeness, connector reachability, credentials health, and compliance prerequisites — without exposing…
Audit an existing Sim webhook trigger against the service's webhook API docs and repository conventions, then report and fix issues across trigger definitions, provider handler,…
Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows.
Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing.
Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations.
API de Variações de Produtos da Tray. Utilize quando o desenvolvedor precisar gerenciar variantes de produtos (SKUs) como diferentes tamanhos, cores ou modelos.
Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security…
Systematically hunt for every variant of a discovered vulnerability across the entire codebase. Use when a bug is found and all instances of the same root cause pattern must be…
Find similar vulnerabilities across a codebase after discovering one instance. Uses pattern matching, AST search, Semgrep/CodeQL queries, and manual tracing to propagate findings.
Secure environment variable management with Varlock. Use when handling secrets, API keys, credentials, or any sensitive configuration.
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on…
Apply Vast.ai security best practices for API keys and instance access. Use when securing API keys, hardening SSH access to GPU instances, or auditing Vast.ai security…
Manages secret lifecycle through the HashiCorp Vault HTTP API v1. Rotates database credentials via Vault dynamic secrets engine and syncs to Kubernetes via External Secrets…
Verifies encryption workflows with HashiCorp Vault Transit endpoints like `/encrypt`, `/decrypt`, and `/rewrap`, plus key metadata inspection.
Use when scanning code for security vulnerabilities. Use when user says "scan security", "kiểm tra bảo mật", "security audit", "review security", or invokes `/vbs-scan-security`.
Inject VCP security and architecture standards into context. Run this at session start or after context compaction so the AI internalizes rules while writing code.
Mutation-driven test vector generation. Finds implementations of a cryptographic algorithm or protocol, runs mutation testing to identify escaped mutants, then generates new test…
Renders canned Vectra AI dashboard reports via the Python channel. The user must explicitly name a report from the catalog — active connections, C2 beacon report, DNS error rate,…
Veeva Vault security basics for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva security basics".
Use when the user wants to inspect company or customer data that lives behind Velen, resolve org or source context, validate or execute ad hoc read-only SQL against a…
Review Vellum Assistant code changes for correctness, repo-specific quality rules, security risks, and missing validation.
Vendasta integration. Manage data, records, and automate workflows. Use when the user wants to interact with Vendasta data.
Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance,…
Analyze vendor management systems for performance scorecards, third-party risk assessment, SLA enforcement, vendor rationalization, and relationship governance.
Drafts a Vendor Security Assessment Questionnaire evaluating third-party cybersecurity posture, data handling, and regulatory compliance.
Use Venice as a pay-per-call JSON-RPC proxy to 20+ EVM and Starknet networks. Covers GET /crypto/rpc/networks, POST /crypto/rpc/{network}, the 1×/2×/4× method-tier pricin — from…
Use Venice as a pay-per-call JSON-RPC proxy to 20+ EVM and Starknet networks. Covers GET /crypto/rpc/networks, POST /crypto/rpc/{network}, the 1×/2×/4× method-tier pricin — from…
Entscheidungsbaum durch alle acht verbotenen Praktiken nach Art. 5 KI-VO: subliminale Techniken Vulnerabilitaetsausnutzung Social Scoring Predictive Policing Untargeted Scraping…
Apply Vercel security best practices for secrets, headers, and access control. Use when securing API keys, configuring security headers, or auditing Vercel security configuration.