Penetration testing, OWASP scanning, CVE triage, cloud-config audits, threat modeling, and bug-bounty workflows. Skills that wrap industry scanners so one prompt yields a structured findings report.
Related searches: claude code skills for security engineers, AI security engineering skills, claude penetration testing skills, claude code OWASP scanner skills.
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), a
security
Comprehensive security auditing framework for LLM applications covering OWASP Top 10 for LLMs, threat modeling, penetration testing, and compliance with NIST AI RMF and ISO 42001Use when "security aud
security
Use this skill when conducting authorized penetration tests, vulnerability assessments, or security audits within proper engagement scope. Triggers on pentest methodology, vulnerability scanning, OWAS
engineering
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA KEV (actively exploite
security
OWASP ZAP/Burp Suite/Nuclei integration, penetration test planning, DAST execution, and vulnerability scanning. For dynamic security testing, pentesting, or runtime vulnerability validation. Complemen
security
Application security agent that audits code for OWASP Top 10 vulnerabilities, hardcoded secrets, and common security flaws. Triggers on: security audit, vulnerability scan, OWASP check, security revie
security
Conducts comprehensive security code reviews including vulnerability detection (OWASP Top 10, CWE), authentication/authorization flaws, injection attacks, cryptography issues, sensitive data exposure,
security
Comprehensive security audits identifying vulnerabilities, misconfigurations, and best-practice violations across applications, APIs, infrastructure, and data pipelines. Use for OWASP Top 10 reviews,
security
This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techn
engineering
Run a full security-in-depth audit including OWASP Top 10, dependency analysis, and defense-in-depth review. Use for security audit, pentest review, or vulnerability assessment.
security
Daily threat-intel digest — AI-discovered vulnerabilities, AI-in-the-wild exploitation observations, AI-authored malware families, exploit-trends rollup, vendor-trends month-over-month deltas. Use whe
security
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps,
security
Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secur
security
Comprehensive container security guidance including vulnerability scanning with Trivy, image hardening, secrets management, and CIS benchmark compliance. Activates when working with "container securit
security
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues across web applicatio
security
Security hardening superbrain — CWE Top 25, STRIDE threat modeling, Electron hardening, encryption, dependency audits, OWASP compliance
security
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns. Use when performing security revi
security
Checks outdated packages, unused deps, reinvented wheels, CVE/CVSS vulnerability scan. Use when auditing dependencies. — from security/appsec-tools
security
· Handle authorized privesc, CTFs, post-exploitation on Linux, containers, K8s. Triggers: 'privesc', 'CTF', 'pentest', 'post-exploitation', 'container escape', 'SUID', 'GTFOBins'. Not for hardening (u
security
Perform comprehensive security audits on Node.js, JavaScript, and TypeScript codebases. Scans source code for OWASP Top 10 vulnerabilities, insecure patterns, dependency risks, and generates a priorit
security
PCI DSS v4.0 compliance audit for payment-handling codebases. Scans for PAN patterns (Visa, Mastercard, Amex, Discover), CVV storage violations, and track data retention. Audits all 12 requirements: n
engineering
Provide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing. Enable quick command lookup during sec
security
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license comp
security
Full-stack security posture assessment with 0-100 risk scoring. Scans dependency vulnerabilities (npm audit, pip-audit, cargo audit, govulncheck), dangerous code patterns (SQL injection, eval, command
security
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening. — from DROOdotFOO/agent-skills
security
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening. — from bg-szy/TOP-SKILLS
security
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, sec
security
Team Mode security research skill. Orchestrates 3 vulnerability hunters and 2 PoC engineers to audit a codebase in parallel, prove exploitability, classify root causes, and calibrate severity by actua
security
Autonomous security vulnerability scanner for codebases. Detects secrets, XSS, missing security headers, auth issues, OWASP Top 10 patterns, dependency vulnerabilities, PII exposure, CORS misconfigura
security
Automated web application vulnerability scanner and exploit generator starting from domains or URLs. Tests for SQLi, XSS, SSRF, IDOR, SSTI, authentication bypass, file upload bypass, and race conditio
security
SKILL.md files, not affiliated with, endorsed by, or sponsored by Anthropic.