Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Web Security (Page 7 of 8)

479 Claude Code skills in the Web Security sub-category of Security.

479 skills · updated 2026-05-27 · showing 361–420 of 479 by quality score

Application security expert for detecting vulnerabilities, auditing code, and guiding security best practices.
PreToolUse security-anti-pattern hook for Claude Code. Catches 12 common security risks (command injection, XSS, SQL injection, unsafe deserialization, GitHub Actions workflow…
Security headers and hardening for Next.js — CSP, CORS, rate limiting, CSRF protection, input sanitization, secrets management.
Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure…
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments.
Security vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.
Security anti-patterns — localStorage token storage (XSS risk), trusting client-side authorization checks, reflecting full error details to clients, blacklist vs whitelist input…
Scan the codebase for security vulnerabilities based on the OWASP Top 10. Use when the user asks to audit security, find vulnerabilities, check for security issues, or says…
Quick security scan of the Speicher Analyse Tauri app (React + TypeScript frontend). Checks for command injection, XSS, path traversal, and Tauri security configuration.
Use when working with authentication, API routes, user input, or sensitive data. Audits code for security vulnerabilities based on OWASP Top 10.
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model.
A system for managing, discovering, and remediating security vulnerabilities. Use this skill for: vulnerability scanning, weakness management, penetration testing, security risk assessment, OWASP compliance, event management…
Autonomously detect and fix broken dependencies, missing packages, Docker issues, Playwright, WhatsApp auth, TypeScript build failures, and SQLite corruption.
Guidelines for developing with Sequelize, a promise-based Node.js ORM supporting PostgreSQL, MySQL, MariaDB, SQLite, and SQL Server
OWASP Serverless Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in serverless application environments.
Performs an in-depth QA audit of a specification based on the ISTQB, BABOK, and OWASP standards. Identifies not only architectural gaps but also logical contradictions between the Requirements, the Schema…
Sports and fitness tracking with P90X, cycling, hiking, running. SQLite-based with automatic Komoot import, reports (weekly, monthly), emoji visualization, calorie calculation…
Use when reviewing or hardening authentication and authorization in a Spring Boot service that uses Spring Security, JWT, OAuth2, sessions, refresh tokens, or service-to-service…
Chinese-first: for Spring Boot security-related tasks; helps identify, design, implement, or validate the corresponding workflow. English keywords: Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency…
Expert SQL query writing, optimization, and database schema design with support for PostgreSQL, MySQL, SQLite, and SQL Server.
Sql Injection Detector - Auto-activating skill for Security Fundamentals. Triggers on: sql injection detector, sql injection detector Part of the Security Fundamentals skill…
Prevent SQL injection. Use when verifying that a query uses db.all(sql, [params]) correctly.
Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input…
Query, design, migrate, and optimize SQL databases. Use when working with SQLite, PostgreSQL, or MySQL — schema design, writing queries, creating migrations, indexing,…
SQLite - embedded database, SQL queries, schema design, Python integration, optimization
SQLite Analyst is built around SQLite embedded database. The underlying ecosystem is represented by WiseLibs/better-sqlite3 (7,041+ GitHub stars).
SQLite expert for WAL mode, query optimization, embedded patterns, and advanced features
Guide to writing SQL queries and designing SQLite schemas following best practices. Use when the user works with SQLite, writes SQL queries, or…
Patterns for SQLite databases in Python projects - state management, caching, and async operations. Triggers on: sqlite, sqlite3, aiosqlite, local database, database schema,…
Design or review schemas for `crates/cloudsync` using SQLite Sync constraints, not generic SQLite advice.
sqlite-utils is a Python CLI utility and library by Simon Willison for manipulating SQLite databases.
sqlite-vec extension for vector similarity search in SQLite. Use when storing embeddings, performing KNN queries, or building semantic search features.
sqlite-vec is a lightweight SQLite extension for vector similarity search. Written in pure C with zero dependencies, it runs anywhere SQLite runs—Linux, macOS, Windows, WASM in…
Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID), CryptoKit (AES-GCM,…
Generate synthetic data from scratch through an interactive dialog — ask the user table-by-table about columns, types, foreign keys, and constraints; render the data model as…
[Tier 2 — Non-Functional: Security · ISO 25010] Security test workflow — OWASP Top 10, dependency CVEs, secrets scanning, and auth testing. Run after Tier 1 functional tests pass.
Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater
Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,
Provides security review capability for TypeScript/Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure.
Audit toolkit health, freshness, security, standards. Keywords: updater, audit, outdated, stale, security, OWASP, refresh, check links, standards, compliance
usql is a universal command-line interface for SQL databases including PostgreSQL, MySQL, SQLite, Oracle, SQL Server, and dozens more.
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing.
Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations.
Self-test the maxvision-orchestration plugin after install. Runs five read-only checks (index, cheatsheets, gh auth, jq+sqlite3 in PATH, sample BM25 query) and reports…
Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more.
Designing and debugging Visualforce pages: standard/custom controllers, view state management, CSRF and SOQL injection security, PDF rendering, Visualforce email templates.
Performs a complete security audit of a Linux VPS: analysis of exposed ports, SSH configuration, vulnerabilities in Docker containers, system users, permissions, logs of…
Autonomous security vulnerability scanner for codebases. Detects secrets, XSS, missing security headers, auth issues, OWASP Top 10 patterns, dependency vulnerabilities, PII…
Full security audit — secrets, dependencies, IAM, auth, injection, XSS, HTTPS, rate limiting, public storage.
Use when manually monitoring, watching, tracking, or reviewing AI assistant storage, session, transcript, JSONL, or SQLite format drift after official upstream repository,…
OWASP Top 10, security headers, CSP, XSS prevention, and vulnerability prevention.
Expert guidance on identifying and mitigating common web vulnerabilities from a bug hunter's perspective.
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments.