Use when creating or editing files in pkg/migration/. Covers cross-DB type safety across MySQL/PostgreSQL/SQLite, DDL error handling, time-column conventions, and path…
Use dogsheep/github-to-sqlite when an agent needs a local, queryable snapshot of GitHub activity instead of bouncing through the web UI or ad hoc API calls.
OWASP Machine Learning Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in machine learning systems.
Run a complete mobile app pre-launch verification — chains performance audit, QA testing, OWASP mobile security review, App Store and Play Store compliance checks, and store…
Mobile application security skill for implementing OWASP MASVS compliance, secure storage, certificate pinning, biometric authentication, and security hardening across iOS and…
Audit mobile apps against OWASP Mobile Top 10 (M1-M10): credential hardcoding, supply chain dependencies, insecure auth/token storage (Keychain/Keystore), input validation (deep…
OWASP Mobile Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in mobile application environments.
Performs a comprehensive security review of code changes in a GitHub PR or issue. Checks out the branch, analyzes changed files against a 9-category security checklist, and…
Configure and audit Salesforce network security controls — trusted IP ranges (org-wide Network Access), login IP ranges on profiles, CSP Trusted Sites for Lightning components,…
Use when adding authentication and authorization to a Node.js service, hardening its HTTP surface, or running an OWASP-style security review after the service scaffold exists and…
Set up RAG pipelines, vector indexing, document ingestion, ChromaDB/FAISS/SQLite-vec search, and knowledge base creation in NodeTool.
Skill for producing an NPS survey platform with PHP Slim, SQLite, HTMX, VanJS and Squeleton.dev, including a home showcase, a complete admin area, an embeddable widget and display triggers.
Initializes the Nudge project from scratch with Expo, expo-router, TypeScript, NativeWind, Drizzle ORM and expo-sqlite, and configures WebStorm for optimal comfort.
Use when building NuxtHub v0.10.6 applications - provides database (Drizzle ORM with sqlite/postgresql/mysql), KV storage, blob storage, and cache APIs.
Implement secure Obsidian plugin development practices. Covers credential storage, input validation, XSS prevention, network security, URI handler safety, and Electron security.
Business logic vulnerability testing for web/mobile/API engagements. Covers workflow bypass, state machine violations, multi-step process abuse, price/quantity/discount…
Penetration test and red team report writing methodology. Covers executive summary structuring (risk-led narrative for non-technical readers), technical finding format (title,…
SQL injection testing skill for offensive security assessments and bug bounty hunting. Covers error-based, UNION-based, boolean/time-based blind, out-of-band, second-order, NoSQL,…
Quality assurance specialist for security, performance, accessibility, comprehensive testing, and quality standard alignment.
Offline, zero-API-key search over the full OpenAlex academic corpus — 284M+ works, abstracts, authors, DOIs in a local SQLite + FTS5 index.
OWASP Open Source Software Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in open source software dependencies.
Authenticates to Microsoft Graph API using MSAL with Mail.ReadWrite and Calendars.ReadWrite permissions.
Systematic audit against the OWASP 2021 Top 10 web application security risks with severity-rated, file-level findings.
OWASP API Security Top 10 testing patterns, injection payloads, auth bypass vectors, and security test generation for REST APIs.
Checks a project against the OWASP Top 10 and proposes remediations. Use to verify OWASP compliance.
Use when performing security audits, vulnerability assessments, or compliance checks on Flutter or mobile applications.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security.
Provides comprehensive security standards and checklists based on OWASP Top 10:2025. Includes language-specific secure coding patterns for 20+ languages, guidance on Agentic AI…
Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for…
Runs OWASP ZAP active security scans via the ZAP API daemon with custom scan policies. Generates SARIF reports compatible with GitHub Advanced Security code scanning alerts.
Automates REST API security testing using the OWASP ZAP Python SDK. Runs active scans, SQL injection probes, and XSS tests against OpenAPI specs with structured vulnerability…
Orchestrates OWASP ZAP active and passive scans against REST and GraphQL endpoints using ZAP's Python API client.
Automates OWASP ZAP scans against REST APIs using the ZAP Python API client. Imports OpenAPI/Swagger specs for targeted scanning and generates SARIF-format reports for GitHub…
Runs automated DAST scans against REST and GraphQL APIs using OWASP ZAP daemon API. Detects injection flaws, broken auth, and CORS misconfigurations with detailed remediation…
Runs automated penetration tests using OWASP ZAP API with spider crawling, active scanning, and AJAX-aware testing.
Runs OWASP ZAP active and passive scans against target URLs using the ZAP Docker API. Parses JSON reports to flag XSS, SQLi, and CSRF vulnerabilities with severity scoring.
Orchestrates OWASP ZAP active and passive scans via the ZAP API, automating spider crawls, AJAX spidering with Selenium, and generating SARIF-format vulnerability reports.
OWASP ZAP Scanner is built around the OWASP security tooling ecosystem. The underlying ecosystem is represented by zaproxy/zaproxy (14,896+ GitHub stars).
Integrates the OWASP ZAP API to run automated DAST scans against web applications. Parses ZAP JSON reports, triages alerts by CVSS severity, and generates remediation tickets via…
Deep integration with OWASP ZAP for automated security scanning, vulnerability detection, and API security testing.
Wraps OWASP ZAP API for automated web application security testing including active scan, spider crawl, and ajax spider endpoints.
Automates OWASP ZAP active and passive scanning against web applications, parsing alerts into structured vulnerability reports.
Isolated agent runtime for code execution, live preview URLs, browser automation, 50+ tools (ffmpeg, sqlite, pandoc, imagemagick), LLM inference, and persistent memory — all via…
Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder. Part of the Security Fundamentals skill category.
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit
Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and
Automated security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues.
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,
Use OWASP Threat Dragon to create data flow diagrams, identify threats using STRIDE and LINDDUN methodologies,
Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,
Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)
Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to
Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers
Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through
Chinese first: for Perl security-related tasks, helps identify, design, implement or verify the corresponding workflow. English keywords: Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web…