Web Security

479 Claude Code skills in the Web Security sub-category of Security.

479 skills · updated 2026-05-27 · showing 1–60 of 479 by quality score

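Security Hardening convention reference skill. Provides the security measures required before production deployment, such as input validation, SQL injection prevention, XSS prevention, encryption, and permission management.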
Perform a security audit based on OWASP. Use when the user wants to verify security, look for vulnerabilities, or before a production deployment.
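Bandit security check configuration and management skill. Configures Bandit settings in pyproject.toml and detects security vulnerabilities. Builds a security checking environment based on OWASP and CWE.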
Validates SQLite-WAL database configuration and migration discipline for <>. Checks WAL mode, foreign-key enforcement, migration tracking, and migration file…
Use when working with SQLite databases in Bun. Covers Bun's built-in SQLite driver, database operations, prepared statements, and transactions with high performance.
Helps implement LLM-specific security controls for government applications, based on the OWASP LLM Top 10, BIO2, NIS2 and the AVG (GDPR).
Comprehensive security audits identifying vulnerabilities, misconfigurations, and best-practice violations across applications, APIs, infrastructure, and data pipelines.
Use when auditing a Rails app for SQL injection, XSS, CSRF, mass-assignment, or Gemfile.lock CVEs, or when reviewing only NEW security regressions in a PR vs base branch.
OWASP Top 10 security audit. Use to review code for vulnerabilities, validate authentication/authorization, analyze input sanitization, detect SQL…
Provides web vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016).
Security, quality and compliance audit. OWASP Top 10, secrets scan, dependency audit. Use before deploy.
Run the OWASP-aligned agentic security review path — covers goal hijacking, tool misuse, excessive agency, memory poisoning, secrets exposure, handoff failures, and observability.
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more.
Use when: billing audit, subscription lifecycle review, Stripe/Paddle integration check, webhook security, payment form CSRF, pricing centralization, webhook idempotency, billing…
Probe a site's authentication flow for redirect leaks, missing CSRF, weak session cookies, and OAuth misconfiguration; produces an auth findings.md
Captures a validated learning into the Memory Graph (SQLite). Invoke when: a bug is resolved non-obviously, a pattern is discovered, the user corrects a mistake, or a solution…
Flutter development skill for Miqotul Khoir TV (MKT) project. Use for: implementing new Flutter features, fixing UI bugs, modifying widgets, creating Cubit state management,…
Formats all confirmed pentest findings from findings.json into copy-pasteable GitHub issue markdown blocks, following the AppSec reporting guide template.
Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF.
Quick OWASP security scan for injection risks, hardcoded secrets, weak crypto, and Spring Security misconfigs.
OpenAI Agents SDK (Python) development. Use when building AI agents, multi-agent handoffs, function tools, guardrails, sessions, streaming, or tracing with the `openai-agents` /…
Run a full security-in-depth audit including OWASP Top 10, dependency analysis, and defense-in-depth review. Use for security audit, pentest review, or vulnerability assessment.
Proactive secure-coding coach scoped to the file or topic you are working on — surfaces relevant SAST rule IDs, CWE patterns, language-specific PASS/FAIL code snippets.
Web application security testing with Burp Suite integration
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain…
SQLite-based project documentation logger for tracking API references, components, and project progress.
Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics,…
Protect your SaaS app from common vulnerabilities. Use when building auth, handling user data, or deploying features.
Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session…
Security audit: OWASP Top 10, multi-tenancy, injection, auth, XSS, dependencies.
Collects and queries data on official auctioneers from all 27 Juntas Comerciais (state commercial registries) of Brazil. Multi-state (UF) scraper, SQLite database, FastAPI API and CSV/JSON export.
MCP Agent Mail - Mail-like coordination layer for multi-agent workflows. Identities, inbox/outbox, file reservations, contact policies, threaded messaging, pre-commit guard, Human…
OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems.
Author, edit, and lint `governance:` blocks in `*.eval.yaml` files. Use when creating or updating evaluation suites that carry AI-governance metadata (OWASP LLM Top 10, OWASP…
Enterprise AI security - OWASP LLM Top 10, prompt injection defense, guardrails, PII protection
Ad hoc SQL analytics on local parquet, CSV, Excel, JSON, Avro, or SQLite files — auto-triggers on data analysis requests
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
Performs a security review of an Android app from the perspective of the OWASP Mobile Top 10 2024 and MASVS (Mobile Application Security Verification Standard), and generates a Markdown report. Use when: (1) an Android app security audit/review is requested (2)…
Collects and queries data on official auctioneers from all 27 Juntas Comerciais (state commercial registries) of Brazil. Multi-state (UF) scraper, SQLite database, FastAPI API and CSV/JSON export.
Anyquery is a SQL query engine that lets you run SQL against 40+ apps, files, and databases including GitHub, Notion, Chrome, and Apple Notes.
IHK Fachinformatiker AP1 training tracker with 280 questions in a SQLite database. 50 subnetting questions, interactive training, automatic statistics.
Automated API security testing starting from domains. Discovers REST, GraphQL, and SOAP APIs, reconstructs schemas, and tests for BOLA/IDOR, BFLA, mass assignment, JWT attacks,…
Generate complete FastAPI backend scaffolds from OpenAPI 3.x specifications. Automatically creates SQLAlchemy models, Pydantic schemas, FastAPI routers, CRUD operations, database…
Domain specialist for API design, development, and best practices. Scope: RESTful API design, GraphQL, API documentation, authentication, authorization, rate limiting, CORS, error…
API security hardening patterns. Use when implementing rate limiting, input validation, CORS configuration, API key management, request throttling, or protecting endpoints from…
API security hardening: rate limiting, input validation, security headers, CORS, protection against common attacks.
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering…
Designs and documents authentication, authorization, and security patterns for any API. Use whenever the user asks about OAuth 2.0, JWT, API keys, RBAC, ABAC, rate limiting for…
API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications.
Export and convert Apple Notes to Markdown, JSON, HTML, and SQLite. Use when backing up notes, exporting to other apps, converting HTML to Markdown, or building searchable note…
Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10.
Skills for end-to-end defensive AppSec work. Includes intake, threat modeling, code review, security testing, fixes and report delivery.
Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation.
Generates a TOML semantic index for raw images/videos so that downstream skills can map them into the script. Prefers reading from the asset-index SQLite vector DB (each file calls Gemini exactly once in the entire…
Audit, restructure and fix bugs in AssetCore: checks production-readiness of the whole module (BE 3-tier, FE views, workflow, fixtures, tests, docs, permissions, audit trail), while also…
OWASP ASVS 5.0 requirements database for security audits. Provides chapter structure, control objectives, and verification requirements for all 17 ASVS domains.
Looks up OWASP Top 10 attack methods, CWE references, and form-specific vulnerability patterns with a bounty hunter mindset.
Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards,…
Quick security audit checking for hardcoded secrets, SSRF vectors, injection points, dependency issues, and missing security headers
Sonnet Amplified fullstack engine. 34 modes, SEC-01~15 OWASP security, 13 runtime hooks, 75% token reduction. Install: npx @smorky85/aurakit