Audit — Claude Code Skills

5642 Claude Code skills tagged Audit. Browse all behavioural skill type-related skills in the open ClaudSkills registry — free to install, one-click via the desktop app.

Showing top 200 of 5642 skills, ranked by quality score.

10x-bootstrapper

Scaffold a project into the current working directory after the tech stack has been picked. Reads context/foundation/tech-stack.md (the hand-off written by /10x-tech-stack-selector

general

10x-health-check

Run a health check on an existing project: dependency audit, security scan, test runner detection, CI/CD evaluation, and missing configuration analysis. Maps the three execution ga

security

archive-handoffs

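Skill that moves completed handoffs to docs/archive/. Archives, in one batch via git mv, the handoffs that have all received a ✅ verdict from /audit-handoffs, and identifies references to them from related documents (traceability.md, completion-summary.md).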

general

audit-claude-config

Use when asked to audit Claude Code config, validate plugin settings, or diagnose plugin issues.

general

audit-contract

Adversarial smart contract security audit. Auto-selects 5-7 specialist agents based on contract features (from a roster of 12). Attacks from every relevant angle: SWC registry, sig

security

audit-issue-conflicts

Use when asked to detect conflicting requirements or incompatible decisions across open issues.

general

audit-loop-run

Use when asked to assess loop effectiveness, audit goal achievement, or detect phantom success.

general

browse-aeo

Answer Engine Optimization (AEO) audit and SERP analysis for AI-generated answers. Analyzes pages for AEO readiness (structured data, FAQ patterns, heading hierarchy, meta quality)

general

cve-source-check

Audit CVE/vulnerability source coverage for a technology stack. Maps each component (container, library, base image, runtime) to authoritative CVE feeds, flags gaps, and produces a

security

design-context-extract

Extract design DNA from existing app screenshots or live URLs using Google Stitch. Produces color palettes, typography specs, spacing tokens, and component patterns as design-token

general

devops-agent

Your on-call DevOps assistant — one-click deploy, monitoring setup, scheduled backups, and fault diagnosis. Safety-first design with confirmation prompts, dry-run mode, snapshot ro

engineering

double-cross-check

Verify the result with an independent model from a different provider: Codex (OpenAI), Gemini (Google) or Claude Code (Anthropic). Use on the phrases: 'získej druhý názor' (get a second opinion), 'ověř z jiného modelu' (verify with another model),

general

gsd:eval-review

Retroactively audit an executed AI phase's evaluation coverage — scores each eval dimension as COVERED/PARTIAL/MISSING and produces an actionable EVAL-REVIEW.md with remediation pl

general

geo-lint

SEO & GEO content linter — validates Markdown/MDX files for AI search visibility using 92 deterministic rules (35 GEO, 32 SEO, 14 content quality, 8 technical, 3 i18n). Runs an aut

growth

gsd-eval-review

Audit an executed AI phase's evaluation coverage and produce an EVAL-REVIEW.md remediation plan.

general

infrahub-auditing-repo

Audits an Infrahub repository against best practices and rules, producing a structured compliance report. TRIGGER when: reviewing repo for compliance, onboarding to existing projec

security

inspect

Plan-vs-implementation deep audit using Agent Teams. Parses a plan file (or inline description), extracts requirements, and summons 4 Inspector Ashes to measure implementation comp

general

issue-close

Close a tracked ai-task issue on noetl/ai-meta with the landing PR / pointer-bump cited so the trail is auditable.

general

kit-audit

Audits the installed kit against itself: element conformance plus seeded fixtures that prove the safety hooks actually fire, emitting a claim-by-claim PASS/FAIL scorecard with raw

general

ops-aws-audit

Read-only AWS account hygiene audit — security baseline, unused/orphaned resources, and cost optimization across all configured regions. Produces severity-ranked findings (CRITICAL

engineering

ops-credentials

Audit which integration credentials are configured. Scans shell env, ops preferences.json, Doppler, macOS Keychain, and Dashlane to report a configured-vs-missing table per service

security

ops-infra-code

Infrastructure as Code with Terraform/OpenTofu. Trigger to create modules, configure backends, write idiomatic HCL, or audit infrastructure.

engineering

ops-orchestrate

Autonomous multi-project orchestration engine. Audits all registered projects, structures work into dependency-wired tasks, dispatches parallel agents (subagents or Agent Teams), a

general

performance-auditor

Performance audit of the code and the application. Analyzes Lighthouse, bundle size, Core Web Vitals, and optimizations. Use after implementation, before a release, or when

general

pilcrow

Make your clanker your editor. A prose linter, a set of editor commands anchored in classical style guides (Strunk, Williams, Zinsser, Pinker, Orwell, King), and project commands f

content

qa-security

Perform a security audit based on OWASP. Use when the user wants to verify security, look for vulnerabilities, or before a production deployment.

security

recurse-audit

Audit a RecurseKit run for correctness. Reviews events, skipped files, and result quality.

general

review-epic

Use when asked to review epic health, audit stalled children, check scope drift, find missing coverage, or assess closure readiness. Produces a structured health report and actiona

general

sdlc:repo-health

Run a multi-tool repository quality assessment — git object health, contributor analytics, commit hygiene, hook configuration, secret scanning, module dependency architecture, and

engineering

seo-programmatic

Plan and audit programmatic SEO pages generated at scale from structured data. Use when designing templates, URL systems, internal linking, quality gates, and index-bloat safeguard

growth

seo-technical

Audit technical SEO across crawlability, indexability, security, URLs, mobile, Core Web Vitals, structured data, JavaScript rendering, and related platform signals like robots.txt

growth

supabase-security

Complete security audit for Supabase projects. Runs an automated pentest that checks RLS, buckets, auth, exposed keys, and generates a report with remediation. Use when

security

test-harness-auditor

Audit a repo's test, lint, type-check, static analysis, build, and debug infrastructure for AI coding agents. Generate scored reports and optimized configs for the lint-on-write ho

engineering

transparency-audit

Checks the transparency compliance of the Menschlichkeit Österreich project: ZVR number 1182213083, association statutes, privacy policy and legal notice (Impressum) for completeness and correct

general

work-quick

Quick workflow for trivial changes (single-file fix, rename, typo). Skip the full Explore-Plan-TDD-Audit cycle. Trigger when the user wants a quick fix, a simple change, or mention

engineering

compatibility-audit

This skill should be used when the user asks to "audit ycc compatibility", "check Cursor/Codex bundle health", "verify cross-target parity", "run a compatibility report for ycc", "

product

releaser

This skill should be used when the user asks to "prepare a release", "cut a release", "tag a release", "create a GitHub release", "draft release notes", "set up release CI", "add a

general

schema-evolve

This skill should be used when the user asks about 'schema drift', 'schema evolution', 'evolve schema', 'schema sync', 'sync schemas', 'update schema fields', 'schema field frequen

general

10x-rule-review

Review the condition of an "AI rules" file (CLAUDE.md, AGENTS.md, .cursor/rules/*.mdc, .github/copilot-instructions.md, .windsurfrules, nested per-area rule files, or any other rul

general

30x-seo-content-audit

Content quality audit for both traditional SEO (E-E-A-T) and AI search (citability, structure, authority). Use when user says "content audit", "content quality", "E-E-A-T", "AI cit

growth

30x-seo-hreflang

Hreflang and international SEO audit, validation, and generation. Detects common mistakes, validates language/region codes, and generates correct hreflang implementations — from no

growth

30x-seo-images

Image optimization analysis for SEO and performance. Checks alt text, file sizes, formats, responsive images, lazy loading, and CLS prevention. Use when user says "image — from sic

growth

30x-seo-local

Local SEO audit and optimization for Google Business Profile, Google Maps, and Gemini Ask Maps. Covers GBP completeness, NAP consistency, review strategy, local schema, competitor

growth

30x-seo-redirects

Redirect chain audit and analysis. Detects redirect loops, long chains, mixed protocols, and orphaned redirects. Use when user says "redirect audit", "301 redirect", "redirect chai

growth

30x-seo-technical

Technical SEO audit across 8 categories: crawlability, indexability, security, URL structure, mobile, Core Web Vitals, structured data, JS rendering. Schema deep validation → seo-s

growth

agentic-actions-auditor

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attac

security

analyzing-tls-config

Analyze a target's TLS configuration — negotiated protocol version, cipher suite, certificate chain, expiry, and downgrade vectors. Use when: SOC2 auditor flagged your endpoint for

security

api-documentation

Use when API code changes (routes, endpoints, schemas). Enforces Swagger/OpenAPI sync. Pauses work if documentation has drifted, triggering documentation-audit skill.

engineering

ascent-env-audit

Verifies that <<PROJECT_TITLE>> follows ENV-DISCIPLINE: .env is gitignored and dockerignored, .env.example has empty defaults only (no REPLACE_ME), every environment variable read

engineering

ascent-layering-check

Verifies that <<PROJECT_TITLE>>'s backend follows strict layering: routes → controllers → services → storage. Detects cross-layer violations (routes importing storage, controllers

general

ascent-observability-check

Verifies that <<PROJECT_TITLE>>'s backend services emit observability data per the observability contract: structured JSON logs with the required fields, /healthz and /readyz endpo

general

ascent-self-audit

Verifies that <<PROJECT_TITLE>> conforms to all 15 ASCENT invariants. The umbrella audit — delegates to ascent-layering-check, ascent-env-audit, and ascent-observability-check for

general

glaw-audit-assurance

GLAW Audit-Readiness & Financial-Statement Assurance seat — the accounting division's controls/assurance layer. Designs and tests internal controls (COSO / SOX-lite), prepares fina

general

audit-expert

Expert-level security auditing, compliance, code review, and vulnerability assessment

security

gsd:audit-fix

Autonomous audit-to-fix pipeline — find issues, classify, fix, test, commit — from produtoramaxvision/maxvision

general

gsd:audit-milestone

Audit milestone completion against original intent before archiving — from Gustavosareto/gerenciador-de-quadras

general

audit-plugin

Use when about to install a community tool (MCP, plugin, package) that is not from Anthropic or an explicitly trusted source. Audits against docs/SAFETY_POLICY.md and returns GO /

general

audit-sampling-calculator

Statistical and non-statistical audit sampling skill with sample size determination and evaluation

science

audit-session

Use when you want to audit a session for drift between policy.yaml declarations and the real .claude/logs/ — declares candidate signals across skills_allowed, lifecycle hooks_requi

general

auditing-cors-policy

Audit a target's CORS posture — Access-Control-Allow-Origin handling, reflected-origin bypass, credentials+wildcard mismatch, preflight OPTIONS behavior, Vary header correctness. U

security

auditing-npm-dependencies

Audit a Node.js project's installed npm dependency tree for known CVEs by wrapping the npm audit JSON output and emitting findings in the canonical penetration-tester schema. Detec

security

auditing-python-dependencies

Audit a Python project's installed dependencies for known CVEs by wrapping pip-audit (PyPA's official vulnerability auditor) and emitting findings in the canonical penetration-test

security

authentication

Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access contro

security

plan-design-review

Designer's eye plan review — interactive, like CEO and Eng review. Rates each design dimension 0-10, explains what would make it a 10, then fixes the plan to get there. W — from ag

general

aws-cost-operations

AWS cost optimization, monitoring, and operational excellence expert. Use when analyzing AWS bills, estimating costs, setting up CloudWatch alarms, querying logs, auditing CloudTra

engineering

belief-audit

Use when a long session has compacted or handed off, before any Edit, to confirm Claude's belief about file contents still matches disk. Diffs current sha256 signatures against the

general

brand-audit

Discover and assess existing brand assets for cohesion, gaps, and inconsistencies. Scans codebases, websites, and social presence. Triggers when someone wants to evaluate their cur

growth

bug-bounty-hunting

Comprehensive skill for AI-based Bug Bounty Hunting, covering recon, web vuln classes, exploit chaining, finding validation, report writing, LLM/AI attacks, and Web3 audit. Use

security

burpsuite-project-parser

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings,

security

canon-check

Read-only story-bible auditor for fiction series with a documented canon. Cross-references character / artifact / location mentions in chapters against the bible and flags drift. P

content

card-review

Audit Prefab UI card builders (`build_*_ui` in `katana_mcp_server/src/katana_mcp/tools/prefab_ui.py`) for user-centric content: real names over IDs, no redundant text dumps, named

general

cfo-reporting

Financial reporting skill. Monthly flash M+5, quarterly YoY reporting, annual report, executive board pack, quarterly investor letters, RNS shareholder report, com

general

check-consistency

Audit ytstack internal consistency. Compares README (source of truth) against docs/concept.md, .ytstack/DECISIONS.md, and actual plugin content (skills/, hooks/, agents/, artifacts

general

checking-http-security-headers

Audit a target's HTTP security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and the Cross-Origin trio (COOP, COEP, CORP). Use

security

checking-license-compliance

Audit a project's dependency licenses against an explicit policy (allow-list / deny-list / review-required) and flag incompatibilities before they ship to production. Reads SPDX li

engineering

chome-pattern

Use when a Bash command references ~/.claude/ and fails with "path not found" or "No such file or directory" in multi-account setups. Use when writing rm -rf for team or task direc

general

cloudflare-api

Hit the Cloudflare REST API directly for operations that wrangler and MCP can't handle well. Bulk DNS, custom hostnames, email routing, cache purge, WAF rules, redirect rules, zone

engineering

code-overhaul-review

Audit a codebase for maintenance and modernization. Challenges scope, reviews architecture/quality/tests/performance/dependencies, files deferred work via bd. Language-specific add

engineering

command-injection-rce

Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of

general

conditions-for-intuitive-expertise-a-fai

Diagnose when intuitive judgment, agent confidence, or expert routing can be trusted by classifying environment validity, feedback quality, and task-boundary fit. Use for confidenc

engineering

glaw-controller

GLAW Controller — the Accounting Agent that keeps and closes the books. Runs the day-to-day and period accounting: imports transactions to the general ledger, posts adjusting entri

general

db-optimize

Database performance audit — detects N+1 queries, missing indexes, join opportunities, slow queries, EXPLAIN analysis, and per-endpoint DB call counts. Use when asked to "optimize

general

detecting-command-injection-patterns

Scan a source tree for command-injection vulnerable patterns: shell=True calls in Python subprocess, os.system / os.popen with interpolated strings, Node child_process.exec with te

security

detecting-debug-endpoints

Probe a target for accidentally-public admin / debug / introspection endpoints — Spring Boot Actuator, Apache server-status, Prometheus metrics, GraphQL playground, Swagger UI, php

engineering

detecting-directory-listing

Probe a target for directories that return auto-generated index listings instead of denying or serving a specific file — exposes the full file tree under any reachable directory, i

security

detecting-exposed-secrets-files

Probe a target for accidentally-served secret-bearing files in the web root — `.git/`, `.env`, `.DS_Store`, backup files, database dumps, key files, CI configs, IDE configs. Use wh

security

detecting-insecure-deserialization

Scan a source tree for unsafe-by-default deserialization APIs: Python pickle.loads / cPickle / shelve / dill, Ruby Marshal.load / YAML.load (pre-3.1 default), Java ObjectInputStrea

tools

detecting-ssl-cert-issues

Audit a target's TLS certificate beyond protocol/expiry — chain ordering, OCSP stapling, revocation status, Certificate Transparency presence, key-usage flags, and over-broad wildc

security

detecting-weak-cryptography

Scan a source tree for weak cryptographic primitives: MD5 / SHA-1 used for security purposes, DES / 3DES / RC4 ciphers, ECB block mode, custom-built crypto (XOR loops, hand-rolled

security

dev-auth

Modern web auth implementation (better-auth, Lucia, NextAuth/Auth.js, Clerk, Supabase Auth). Trigger when the user wants to add login, signup, sessions, OAuth, magic links, 2FA, or

engineering

devex-review

Live developer experience audit. Uses the browse tool to actually TEST the developer experience: navigates docs, tries the getting started flow, times TTHW, screenshots e — from Cl

general

devforgeai-release

Orchestrate production releases with deployment automation, smoke testing, rollback capabilities, and release documentation. Use after QA approval to deploy stories to production.

engineering

devops-dx

GitHub/Railway housekeeping for CI env/secret management and DX maintenance. Use when setting or auditing GitHub Actions variables/secrets, syncing Railway env → GitHub, or fixing

engineering

documentation-audit

Use when documentation drift is detected. Comprehensively audits codebase and creates/updates Swagger, features docs, and general documentation to achieve full sync. — from enginee

engineering

drafting-with-grounded-sources

Use when drafting prose that DEFENDS or DEVELOPS specific claims using cited evidence from the local library — claims the user has stated explicitly, or claims they want help artic

general

energy-auditor

Process energy audit skill for consumption analysis, benchmarking, and efficiency improvement identification

general

entry-point-analyzer

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access

security

features-documentation

Use when user-facing features change. Ensures features documentation is updated. Pauses work if documentation has drifted, triggering documentation-audit skill.

general

fingerprinting-server-software

Identify the server software, framework, and component versions a target is running from its HTTP response signatures — Server header, X-Powered-By, Via, X-AspNet-Version, X-Runtim

security

five-s-auditor

5S workplace organization audit skill with scoring, photo documentation, and sustainability tracking

general

glaw-forensic-reconstruction

GLAW end-to-end forensic financial reconstruction — RE-RUNNABLE. Takes a set of bank statements (or a classified master-ledger CSV) and rebuilds a complete, gapless, fully-reconcil

general

fork-discipline

Audit and enforce the core/client boundary in multi-client projects. Detects where shared platform code is tangled with client-specific code, finds hardcoded client checks, config

engineering

framework-rot-audit

Framework-internal rot/silo audit. Detects wiring/reference rot in a DevForgeAI install — artifacts DEFINED but never wired in (orphaned agents/hooks/skills = silos) and references

general

freight-audit-validator

Automated freight bill validation skill with discrepancy detection and payment processing automation

general

gate-evaluator

Evaluates quality gates between SDLC phases. Checks mandatory artifacts, quality criteria, and required approvals before allowing a transition. Use when: transition between

general

genai-governance

Helps implement technical governance controls for generative AI systems in the Dutch government, in line with the EU AI Act (high-risk), the GDPR (AVG) and BIO2. Provides mode

general

genius-code-review

Multi-agent PR code review. Dispatches 3 parallel reviewers: bugs finder, security auditor, and code quality reviewer. Produces a single consolidated review report. Inspired by Ant

engineering

git-workflow-auditor

Audits git repository hygiene: worktree state, stale branches, uncommitted changes, orphaned worktrees, and hook configuration. Finds the rot before it causes a crisis.

general

glaw-fund-regulatory-council

Multi-agent regulatory council that drafts, fills, and generates all SEC/FINRA/state filings and compliance documents for tokenized fund offerings. Covers Form D (EDGAR), Form ADV

general

gsd-audit-fix

Autonomous audit-to-fix pipeline — find issues, classify, fix, test, commit — from welkhazen/wzwznew

general

gsd-ui-review

Retroactive 6-pillar visual audit of implemented frontend code — from Gustavosareto/gerenciador-de-quadras

general

gsd-validate-phase

Retroactively audit and fill Nyquist validation gaps for a completed phase — from Gustavosareto/gerenciador-de-quadras

general

gs:cso

Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply cha — from th

security

design-review

Designer's eye QA: finds visual inconsistency, spacing issues, hierarchy problems, AI slop patterns, and slow interactions — then fixes them. Iteratively fixes issues in source cod

general

gs:maintainer-auditor

Automated PR Review, Windows Compatibility & Security Audit. Wraps maintainer_auditor.py to scan active files for Unix Bashisms, hardcoded Unix paths, and hardcoded secrets, genera

security

gs:plan-design-review

Designer's eye plan review — interactive, like CEO and Eng review. Rates each design dimension 0-10, explains what would make it a 10, then fixes the plan to get there. W — from th

general

ha-safety-audit

Audit all live Home Assistant automations against the safety policy. Catches policy drift from automations added via the HA UI that bypassed this plugin's safety gate. Runs weekly

general

hack

Containerized security auditing and ethical hacking tools. All operations run in isolated Docker containers for safety.

security

harden-memories

Audit the `bd remember` store and recommend which entries to prune, so each one earns its per-session `bd prime` injection cost. Read-only: it proposes a triage table plus the exac

general

hipaa-compliance-automator

HIPAA security and privacy compliance automation for ePHI protection, safeguards assessment, and audit preparation

security

humanizalo

Detects and eliminates 40 AI writing tells across vocabulary, structure, formatting, content inflation, and communication artifacts. Includes personality injection, 6-dimension sco

general

ig

Full-lifecycle Instagram content engine with 13 sub-skills, 6 specialized agents, and 5-category 100-point scoring. Optimized for the 2026 Instagram algorithm (watch time, DM-sends

content

insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing confi

security

install-almanac-content

Install skills, agents, and teams from agent-almanac into any supported agentic framework using the CLI. Covers framework detection, content search, installation with dependency re

general

ios-design-review

Visual design audit for iOS apps on real hardware. Connects to a real iPhone via the same StateServer as /ios-qa, screenshots every screen, evaluates against Apple HIG, DESIGN.md,

general

glaw-irs-audit

GLAW IRS audit-defense seat — drive an IRS examination (or a state DOR audit) from the first notice to resolution: triage the notice, fix the statute-of-limitations clock, reconstr

content

issue-size-review

Use when asked to evaluate issue size, decompose large issues, or audit backlog complexity.

general

linkedin-ads-audit

Full LinkedIn Ads account audit — campaign structure, targeting, creative performance, spend efficiency

ads

live-audit

Scheduled live-audit pipeline for rafaelalex.de, events.rafaelalex.de, zeit.rafaelalex.de. Runs weekly via Scheduled Tasks MCP. Audits via PageSpeed Insights API (Performance, SEO,

general

loom-security-audit

Comprehensive security audits identifying vulnerabilities, misconfigurations, and best-practice violations across applications, APIs, infrastructure, and data pipelines. Use for OW

security

loom-security-scan

Quick routine security checks for secrets, dependencies, container images, and common vulnerabilities. Use for lightweight pre-commit and CI scans with tools like Semgrep, Trivy, g

security

market-finder

Discovers all businesses of a given type in any geography using Nimble WSAs. Two modes: Discovery finds businesses from scratch; Audit compares a user's existing list (Google Sheet

general

moai-alfred-code-reviewer

Enterprise systematic code review orchestrator with TRUST 5 principles, multi-language support, Context7 integration, AI-powered quality checks, SOLID principle validation, securit

engineering

overheard

Find commitments the user made in the last two weeks and did not follow through on. A promises audit.

general

p6-health-check

Audit a Primavera P6 XER schedule file. Produces a health score, critical path analysis, float distribution, logic quality assessment, and prioritised recommendations. Use when som

general

paper-audit

Audit paper drafts for logical consistency, compliance, and academic integrity (Triangulation Matrix).

science

pattern-audit

Use when you want to validate that existing `.claude/patterns/` entries remain consistent with the codebase and flag drift.

general

plan-design-review

Designer's eye plan review — interactive, like CEO and Eng review. Rates each design dimension 0-10, explains what would make it a 10, then fixes the plan to get there. W — from Cl

general

plan-devex-review

Interactive developer experience plan review. Explores developer personas, benchmarks against competitors, designs magical moments, and traces friction points before scoring. Three

general

policy-audit

Report policy-gateway activity — secret/injection blocks and sensitive-op audits — pulled from the lineage ledger. Also scans the working tree for secrets that pre-date the plugin.

general

pr-triage

PR triage: audit open PRs, deep review selected ones, draft and post review comments. Args: "all" to review all, PR numbers to focus (e.g. "42 57"), "en"/"fr" for language, no arg

general

prd-review

Review Product Overview Documents for completeness, clarity, source-of-truth conflicts, module-boundary drift, and likely downstream FRD / Blueprint / Work Order impact. Reads the

product

pre-refactor-analyze

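Before a migration or large-scale refactor, produces machine-consumable JSON and a short summary through four progressive layers of static plus semantic analysis (BLIR → business reasoning → v1/v2 semantic diff → patterns/anti-patterns). Suited to framework upgrades, module splitting, legacy modernization, branch comparison, breaking-change audits, and cases that need to demonstrate business equivalence rather than just a text diff. Triggers: pre-migration analysis, refactor pre-analysis, semantic diff, BLIR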

engineering

pstack-doctor

Programmatic alignment audit for pstack-managed repos. Greps the repo for known-stale vocabulary, dropped invocations (gstack, codex), and posture references that drifted from the

general

pstack-prototype

High-fidelity prototype workflow. Monorepo: lands in apps/lab/<name>/. Output: working prototype + DESIGN.md + preview deploy. Uses the project's existing design system; calls gsta

product

qa-automation-specialist

Production validation specialist for post-deployment smoke tests, SEO audits, visual regression, and analytics verification. Validates that deployed features meet acceptance criter

engineering

qa-design

UI/UX design audit and verification of web best practices. Trigger when the user wants to audit the design, verify the UI/UX, or improve the user interface.

general

quality-auditor

Internal quality audit skill with planning, execution, findings documentation, and corrective action tracking

general

rails-security

Use when auditing a Rails app for SQL injection, XSS, CSRF, mass-assignment, or Gemfile.lock CVEs, or when reviewing only NEW security regressions in a PR vs base branch.

security

recording-pentest-engagement

Package an engagement's findings, scan outputs, evidence, and signed ROE into a timestamped archive with a SHA-256 manifest covering every file. Establishes chain of custody so leg

security

regulatory-drafter

Automates the drafting of regulatory documents (e.g., FDA CTD sections) with citation management and audit trails.

general

remove-ref

Removes a pinned audit reference from this repository. Use when the user explicitly asks to remove, delete, or retire an audit reference. Requires a stated reason before proceeding

general

reviewer-engineer

Reviewer for Axé Hub: audits backend, frontend and specs against the project's standards

general

roundtable-circle

Use when running /rune:appraise or /rune:audit, when spawning multiple review agents, when TOME aggregation fails or produces malformed output, or when a TeammateIdle hook fires be

general

rune-echoes

Use when agents need to read or write project memory, when persisting learnings from reviews or audits, when managing echo lifecycle (prune, reset), when a user wants to remember s

general

scanning-for-hardcoded-secrets

Scan a source-code tree for hardcoded credentials embedded in source files: AWS access keys, GitHub tokens, Stripe keys, Slack tokens, Anthropic API keys, OpenAI keys, JWT signing

security

scv-scan

Audits Solidity codebases for smart contract vulnerabilities using a four-phase workflow (cheatsheet loading, codebase sweep, deep validation, reporting) covering 36 vulnerability

security

glaw-sec-reporting

GLAW SEC Financial Reporting seat — the mechanics of taking GLAW's audited numbers into an SEC filing. Determines filer status (Large Accelerated / Accelerated / Smaller Reporting

general

security-lens

Apply security awareness during code review and implementation. Catches common vulnerabilities without requiring full security audit.

security

security-review

OWASP Top 10 security audit. Use to review code for vulnerabilities, validate authentication/authorization, analyze input sanitization, detect SQL injection,

security

semgrep

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security

security

seo-intel

SEO intelligence toolkit covering the full lifecycle via live web data: keyword research, rank tracking, site audits, content gap analysis, competitor keyword reverse-engineering,

growth

seo-internal-links

Analyze internal link structure by crawling a domain. Identifies orphan pages, underlinked pages (fewer than 3 inbound links), and broken internal links. Suggests anchor text for t

growth

seo-llms-txt

Generate, validate, or audit llms.txt files for AI search visibility. Crawls site structure, generates spec-compliant Markdown index for LLMs. Use when user says "llms.txt", "llm t

growth

seo-markdown-audit

Audit markdown files for SEO before publishing. Checks heading structure, meta description, keyword density, content length, link quality, image alt text, and frontmatter completen

growth

seo-migration-check

Validate SEO preservation during site migrations. Checks redirect chains (301 vs 302, hop count), canonical consistency, title/meta preservation, HTTP status codes, content similar

growth

seo-report

Generate and save a complete SEO report to disk. Use when user says "SEO report", "generate report", "monthly report", "weekly report", "audit report", "competitor report", "save r

growth

seo-robots-ai

Audit robots.txt for AI crawler access policies. Checks GPTBot, ClaudeBot, PerplexityBot, Google-Extended, and other AI crawlers. Use when user says "robots AI", "AI crawlers", "bl

growth

seo-site-audit-pro

Flagship comprehensive SEO audit combining Ahrefs and GSC data in sequential waves with checkpoint saves. Use when user says "site audit pro", "full audit", "comprehensive audit",

growth

serena-memory-sync

Synchronization of .serena/memories - fact-only notes from code/diffs/tests. Use for: update memories, synchronize memory, after a commit, after a Stop hook, .serena/plans, .sere

science

setup-aliases

Discover, choose, and rewrite backend-specific VibeProxy cc-* aliases for Claude Code. Use when setting up, resetting, or auditing VibeProxy aliases for Codex, Copilot, Antigravity

tools

setup-checklist

Use this skill when the user wants to set up or configure Claude Code, or implement best practices. Triggers: "setup", "einrichten", "bootstrapping", "checkliste", "bes

tools

soc2-compliance-automator

SOC 2 Trust Services Criteria compliance automation for evidence collection, control mapping, and audit preparation

general

solarxy-audit

Thorough code-quality audit of the Solarxy workspace. Reviews Rust idioms, wgpu + WGSL correctness, egui patterns, ratatui (where used), architecture, performance, safety, workspac

engineering

spec-driven-documentation

Automated documentation generation, auditing, and remediation with structural anti-skip enforcement. Supports 3 workflows: Generation (greenfield/brownfield), Audit (4-di — from ba

general

spec-driven-documentation

Automated documentation generation, auditing, and remediation with structural anti-skip enforcement. Supports 3 workflows: Generation (greenfield/brownfield), Audit (4-di — from ma

general

supply-chain-risk-auditor

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagement

security

glaw-tax-court

GLAW U.S. Tax Court litigation seat — owns the forum that /glaw-irs-audit only drafts the petition for. Docks the jurisdictional 90-day clock, files and prosecutes the Tax Court pe

general

test-audit

Use when you want to audit test suites for potential issues (declares candidate signals: flaky, orphan, trivial assertions).

engineering

gsd:validate-phase

Retroactively audit and fill Nyquist validation gaps for a completed phase — from produtoramaxvision/maxvision

general

wap-ingestion

Ingest data from S3 into bauplan using the Write-Audit-Publish pattern for safe data loading. Use when loading new data from S3, performing safe data ingestion, or when the user me

general

wooyun-legacy

Provides web vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016). Use when performing penetration testing, s

security

workflow-auditor

Analyse a business workflow to find where time is actually lost and recommend specific improvements. Use when someone asks to audit a process, find bottlenecks, improve efficiency,

general

zeroize-audit

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verificati

general

web-design-guidelines

Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against be — from pr

product

claude-md-generator

Generates a smart CLAUDE.md for consumer projects. Consumes the Repo Auditor's output, conducts a guided interview with the dev, and produces a specific, concise, and actionable CLAUDE.md. Use ap

tools

acceptance-criteria-quality

Use when: writing, rewriting, or auditing acceptance criteria, definition-of-done lists, or user-story AC for quality: testable, observable, single, scoped, and implementation-neut

product

accessibility-review

Run a WCAG 2.1 AA accessibility audit on a design or page. Trigger with "audit accessibility", "check a11y", "is this accessible?", or when reviewing a design for color c — from Er

product

acreadiness-assess

Run the AgentRC readiness assessment on the current repository and produce a static HTML dashboard at reports/index.html. Wraps `npx github:microsoft/agentrc readiness` and hands o

tools

ad-assessment

Active Directory security audit using the MITRE ATT&CK framework. Full domain enumeration, trust mapping, GPO analysis, ACL abuse paths, ADCS attacks (ESC1-ESC8), delegation abuse

security

adulting-checklist

Quarterly life-admin sweep tailored to life stage — renewals, audits, reviews — so admin items don't drift into emergencies.

general

ag-9-auditar

Complete software audit (FORTRESS wrapper). Runs MERIDIAN + SENTINEL + ARCHITECT + CONDUCTOR + LIGHTHOUSE in sequence. Fortress Score = full report.

tools

ag-publicar-deploy

Deploy to Vercel or the detected platform, with smoke tests. Use when the code is audited, tested, and versioned.

general

ag-referencia-mock-first

Mock-First methodology for integration frontends. 6 phases (mock data → UI → UX audit → integration preparation → validation → execution). Loaded on demand as a reference.

general

ag-verificar-seguranca

Security, quality, and compliance audit. OWASP Top 10, secrets scan, dependency audit. Use before deploy.

security

agent-author

**DEFAULT for authoring or refining an Ultraprompt agent — produces a new agent definition with frontmatter, body, tool permissions, and orchestration plan.** Different from /skill

general

agent-skill-audit

Use when: auditing agent instructions, skill files, SKILL.md artifacts, prompt-packaged workflows, AI assistant instruction artifacts, custom agent modes, or reusable assistant gui

general

agentfactory

Create governed Hermes agents as auditable enterprise operating units with manifest, capability stack, memory seed, deployment plan, verification contract, registry entry, and kill

engineering

agents-view

Wraps the Research Preview `claude agents` CLI (CC 2.1.139+) and `claude plugin details ork` for live observability of parallel agent sessions. Surfaces running/blocked/done state,

science

ai-agent-safety-review

**DEFAULT for AI agent safety reviews — dispatches security-auditor + risk-and-controls-reviewer with AI/agent safety focus.**

security