416 Claude Code skills tagged Scanner. Browse all behavioural skill type-related skills in the open ClaudSkills registry — free to install, one-click via the desktop app.
Showing top 200 of 416 skills, ranked by quality score.
Atomic Force Microscopy and Scanning Probe Microscopy skill for nanoscale topography, mechanical, and electrical property mapping
general
AWS security configuration scanning and hardening using Prowler, Security Hub, and AWS Config
security
Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
security
Expert-level CodeQL for static analysis, vulnerability detection, and security code scanning
security
Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance
security
Deploy payloads and shell commands fleet-wide using reliable tasking. Execute scripts, collect data, or run commands across all endpoints with automatic handling of offline sensors
security
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
security
Git diff forensics for surfacing and classifying code changes for trojan detection
general
Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
security
Parses and processes SARIF files from static analysis tools like CodeQL, Semgrep, or other scanners. Triggers on "parse sarif", "read scan results", "aggregate findings", "deduplic
general
Scanning Electron Microscopy with Energy Dispersive X-ray Spectroscopy skill for morphology and elemental analysis
general
Scanning Tunneling Microscopy skill for atomic-resolution imaging and local density of states measurements
general
Automated technical architecture review, security assessment, scalability analysis
security
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of compro
security
Single-pass codebase analysis leveraging Opus 4.6 1M context for comprehensive security scanning, architecture review, and dependency auditing. Loads entire codebases for cross-fil
security
Audit all Claude Code skills for compliance with canonical template standards. Use when checking skill quality, validating skill structure, linting SKILL.md files, verifying frontm
general
Generate or refresh coverage manifest for a scanner — lists ALL items in scope so scans can track progress across sessions.
general
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK fil
engineering
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK fil
engineering
Manage and interact with MisarDefender — the local macOS security daemon. Use when: checking security daemon status, viewing security events, starting/stopping defender, scanning f
security
Balto platform help — contact center real-time AI guidance with live call coaching, automated QA on 100% of calls, compliance monitoring, and automatic call summarization to CRM. U
sales
Devi AI platform help — Chrome extension for social media lead monitoring across Facebook groups, LinkedIn, X, Reddit, WhatsApp, Telegram, Nextdoor, Bluesky, Threads with AI buying
sales
VoiceToNotes platform help — AI voice-to-text transcription with real-time capture, AI summaries, grammar correction, OCR scanning, custom prompts, HIPAA compliance, web + iOS + An
sales
Diagnose en fix scanner problemen. Gebruik bij "scanner", "scan", "OAuth", "tokens".
general
Convert raw scanner findings into atomic work items in the backlog. Assigns priority, category, effort, and identifies file conflicts.
general
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scannin
security
Run security scans including SAST, dependency scanning, and secret detection
security
Deep web research, competitor scanning, technology evaluation, and implementation planning. Decomposes work into vertical slices, identifies parallel workstreams, tracks assumption
science
Use when you need to add or configure Maven plugins in your pom.xml — including quality tools (enforcer, surefire, failsafe, jacoco, pitest, spotbugs, pmd), security scanning (OWAS
engineering
Security-Scanner Agent fuer fabrikIQ und andere Projekte. Fuehrt umfassende Sicherheitspruefungen durch.
security
Use when you need to review, improve, or build Spring Boot 4.0.x applications — including proper usage of @SpringBootApplication, component annotations (@Controller, @Service, @Rep
engineering
Accessibility audit skill for scanning, fixing, and verifying WCAG 2.2 Level A and AA compliance across React, Next.js, Vue, Angular, Svelte, and plain HTML codebases. Use when aud
product
Automated WCAG 2.1 AA accessibility testing with axe-core and Lighthouse CI. Auto-detects frontend framework (React, Next.js, Vue, Angular, Svelte, Astro, Flutter, React Native), d
product
Discover and configure Bluetooth and Wi-Fi accessories using AccessorySetupKit. Use when presenting a privacy-preserving accessory picker, defining discovery descriptors for BLE or
general
Add private functions from game DLLs (server.dll/engine.dll) to metamod plugins using signature scanning and symbol lookup. Use when adding new private function hooks that require
general
Configure CI/CD pipelines for Adobe integrations with GitHub Actions, including OAuth credential injection, PDF Services testing, Firefly API smoke tests, and secret scanning for A
engineering
Implement Adobe-specific lint rules, CI policy checks, and runtime guardrails covering credential scanning (p8_ patterns), Firefly content policy pre-screening, PDF Services quota
tools
Audit and improve website readiness for AI agents using the Cloudflare "Is It Agent Ready?" scanner (isitagentready.com). Covers scanning via API, interpreting results, generating
engineering
WHEN: Deep AI-powered code analysis, multi-model code review, security scanning with Codex and Gemini WHAT: Comprehensive code review using external AI models with severity-based f
engineering
Performs an initial scan of the Alfworld environment to identify all visible objects and receptacles. Processes raw observation text into a structured list of entities to build a m
general
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when
security
Multi-layer virus scanning for Aminet packages. Signature-based detection, heuristic hunk analysis, boot block scanning, quarantine management, and scan orchestration. Use when sca
general
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
general
Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing
general
Complete Play Store setup - orchestrates scanning, privacy policy, version management, Fastlane, and workflows (Internal track only)
general
Generate API_CONTRACT.md by scanning existing routes and controllers
general
Discover and document existing API endpoints from code, logs, and traffic analysis
general
Systematic completeness audit of Architecture Documentation using 188-item viewpoint-based checklist, severity-classified gap detection, technical debt indicators, and architecture
engineering
Interpret and triage architecture scanner output — cluster findings by module and root cause, classify true positives vs false positives vs acceptable design, and produce a priorit
engineering
Audit Popoto Redis models for relationship gaps, missing fields, naming inconsistencies, and architectural weaknesses. Use when reviewing data model health, checking model integrit
general
Deploy ECS tasks and services with GitHub Actions CI/CD. Use for building Docker images, pushing to ECR, updating ECS task definitions, deploying ECS services, integrating with Clo
engineering
Scans AWS CloudWatch Logs using the CloudWatch Logs Insights API and CloudWatch Anomaly Detection API. Identifies unusual error patterns, latency spikes, and log volume anomalies a
engineering
Amazon DynamoDB patterns using AWS SDK for Java 2.x. Use when creating, querying, scanning, or performing CRUD operations on DynamoDB tables, working with indexes, batch operations
tools
Use when implementing ANY computer vision feature — image analysis, pose detection, person segmentation, subject lifting, text recognition, barcode scanning.
general
subject not detected, hand pose missing landmarks, low confidence observations, Vision performance, coordinate conversion, VisionKit errors, observation nil, text not recognized, b
general
Vision framework API, VNDetectHumanHandPoseRequest, VNDetectHumanBodyPoseRequest, person segmentation, face detection, VNImageRequestHandler, recognized points, joint landmarks, VN
general
Analyze Azure resource groups and generate detailed Mermaid architecture diagrams showing the relationships between individual resources. USE FOR: create architecture diagram, visu
engineering
Bulk backlog scanner that analyzes the entire finans codebase vs CLAUDE.md, identifies ALL gaps, and generates a comprehensive, prioritized, numbered task backlog. Uses broad→narro
general
Competitive intelligence engine that deconstructs competitor positioning, surfaces exploitable weaknesses, and predicts competitive responses. Use when: competitive analysis, compe
security
Bearer CLI is an open-source static application security testing (SAST) tool that scans source code to identify, filter, and prioritize security vulnerabilities and privacy risks.
security
A fast, configurable secrets scanner built by the creator of Gitleaks and backed by Aikido Security. Betterleaks detects leaked passwords, API keys, and tokens in git repositories,
security
Business card scanner + Google Contacts manager. Auto-detects business card images, extracts contact info via OCR (imageModel), confirms with user, saves to Google Contacts with co
general
Document brownfield projects for AI context by scanning source code and generating comprehensive documentation. Detects project type, scans codebase at configurable depth (quick/de
general
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulner
security
Analyzes existing brownfield projects to map documentation to SpecWeave's structure (PRD/HLD/Spec/Runbook). Use when migrating existing projects to SpecWeave, scanning legacy docs,
product
Discover trending topics and content ideas from social feeds for post creation. Use when scanning Twitter timeline or finding content inspiration.
general
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
security
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
security
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
security
Use when implementing Kubernetes security patterns including RBAC, NetworkPolicies, Pod Security Standards, secrets management, image scanning with Trivy, Cosign signing, and Dapr
security
Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, aut
security
Extract contact information from business card images using OCR - name, company, email, phone, address.
general
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay
security
Cariddi is a Go-based security tool that takes a list of domains, crawls their URLs, and scans for endpoints, secrets, API keys, file extensions, tokens, and errors. It supports co
security
Secure CAST AI API keys, RBAC configuration, and Kvisor security agent. Use when hardening CAST AI cluster access, configuring security scanning, or implementing API key rotation p
security
Checkov IaC Scanner is built around Kubernetes orchestration platform. The underlying ecosystem is represented by kubernetes/kubernetes (121,313+ GitHub stars). It gives an agent a
tools
Scans IaC files with Bridgecrew Checkov for policy violations across Terraform, CloudFormation, Kubernetes, and Dockerfile configurations. Supports custom Python-based policy autho
engineering
Create checkpoints from receipt photos using QR scanning, e-Kasa API, and GPS extraction (10-40s)
general
Design and generate CI/CD pipelines from detected project stack signals. Covers GitHub Actions, GitLab CI, CircleCI, and Buildkite with caching, matrix builds, deployment strategie
engineering
WHEN: CI/CD pipeline review, GitHub Actions, GitLab CI, Jenkins, build optimization WHAT: Pipeline structure + Job optimization + Security scanning + Caching strategy + Deployment
engineering
Diagnose and fix CI/CD pipeline failures, test errors, GitHub Actions issues, and code scanning alerts.
engineering
Audits CircleCI orb dependencies using the CircleCI v2 API and orb registry. Detects outdated orb versions, deprecated commands, and known CVEs in orb executor images via Trivy sca
engineering
Scans CircleCI config.yml for outdated orb versions using the CircleCI Orbs Registry API. Reports CVEs linked to orb dependencies via Snyk vulnerability database lookups.
engineering
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semg
security
Defense-in-depth security for AI-assisted development. Pre-commit secret scanning (Gitleaks + native fallback), repo-wide pattern detection, token lifecycle management, and AI agen
security
Pre-production security audit and vulnerability scanning. Run Snyk + Aikido dependency scans, OWASP analysis, and set up automated GitHub security checks with Jules. Use when asked
security
Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming language
tools
Detect hardcoded values, magic numbers, and leaked secrets. TRIGGERS - hardcode audit, magic numbers, PLR2004, secret scanning.
general
Security-focused code review for OpenSite/Toastability platform. Use when reviewing PRs for security issues, auditing new API endpoints, checking for HIPAA/SOC2 compliance violatio
security
Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review check
engineering
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities,
security
Configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning. Use when setting up security review rules, configuring secret detection in P
security
VMware vCenter/ESXi read-only monitoring. Code-level enforced safety — no destructive operations exist in this codebase. Use when monitoring VMware infrastructure via natural langu
general
Use when the user wants to set up ongoing competitor monitoring — define competitors to track, configure scanning frequency, enable change detection alerts, and establish competiti
general
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning co
security
Scans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata. Analyzes base image layers via Syft SBOM generation
security
Manage container registries (Docker Hub, ECR, GCR) with image scanning, retention policies, and access control.
engineering
Scans containers and Dockerfiles for security issues. Wraps Hadolint for Dockerfile linting and Trivy for container image scanning. Use when user asks to "scan Dockerfile", "lint D
security
Comprehensive container security guidance including vulnerability scanning with Trivy, image hardening, secrets management, and CIS benchmark compliance. Activates when working wit
security
Create or update a task context dump document by scanning existing content and appending only new, non-duplicative progress. Use only when the user explicitly requests a context du
general
Validate cross-episode continuity by scanning scenes for invented details, contradictions, and timeline violations. Use after scene creation/editing to detect continuity errors. Tr
general
Read and write NFC tags using CoreNFC. Use when scanning NDEF tags, reading ISO7816/ISO15693/FeliCa/MIFARE tags, writing NDEF messages, handling NFC session lifecycle, configuring
general
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm
security
Code Query with AI-enhanced deterministic analysis via SplitMix ternary classification
security
Create and run custom background analysis workers with composable phases. Use when you need automated code analysis, security scanning, pattern learning, or API documentation gener
security
Discover all customers of a given company by scanning websites, case studies, review sites, press, social media, job postings, and more. Use when you need competitive intelligence
general
Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering
security
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues a
security
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correla
security
Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1
security
Detection rules and grep patterns for database performance anti-patterns. Use when scanning codebase for N+1 queries, sequential queries, or connection pool issues.
general
Automated dependency management with security scanning, update orchestration, and compatibility validation
security
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities,
security
Scan codebase to identify opportunities to replace custom implementations with well-maintained open source libraries. Creates worktree, implements changes, and submits PR for revie
general
Comprehensive dependency scanning, inventory generation, and SBOM creation for migration readiness assessment
general
Enforce dependency security scanning and SBOM generation. Use when adding dependencies, reviewing package.json, or during security audits. Covers OWASP dependency check, npm audit,
security
Scans project dependencies using OSV.dev API and Snyk CLI for known CVEs across npm, PyPI, Maven, and Go modules. Generates SBOM in CycloneDX format via syft.
security
Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection
security
Configures Fail2ban with custom filters and actions to detect port scanning activity, SSH brute force attempts,
security
Package and dependency management patterns across ecosystems (npm, pip, cargo, maven). Covers lockfiles, semantic versioning, dependency security scanning, update strategies, monor
security
OCR mobile et extraction de champs depuis CIN, passeport, permis, factures. Se déclenche avec "OCR", "scanner document", "extraire texte", "CIN", "passeport", "MRZ", "ID card", "do
general
Détecte les secrets, clés API et credentials exposés dans le code. À utiliser pour vérifier qu'aucun secret n'est dans le code. Se déclenche avec "secrets", "clé API exposée", "cre
security
Expert DevSecOps engineer specializing in secure CI/CD pipelines, shift-left security, security automation, and compliance as code. Use when implementing security gates, container
security
Defense-in-depth, PII protection, secrets scanning, and secure packaging for distributed software
security
Scans for project documentation files (AGENTS.md, CLAUDE.md, GEMINI.md, COPILOT.md, CURSOR.md, WARP.md, and 15+ other formats) and synthesizes guidance. Auto-activates when user as
general
WHEN: Dockerfile review, multi-stage builds, layer optimization, docker-compose WHAT: Image optimization + Layer caching + Security scanning + Compose best practices + Build effici
engineering
Secure Docker containers and images with hardening, scanning, and secrets management
security
Audits Dockerfiles for security vulnerabilities using Hadolint and Trivy container scanner. Recommends hardening steps based on CIS Docker Benchmark and Snyk container advisories.
security
Domain reconnaissance coordinator that orchestrates subdomain discovery and port scanning to build comprehensive domain attack surface inventory
security
Set up or refine open-source .NET code-quality gates for CI: formatting, `.editorconfig`, SDK analyzers, third-party analyzers, coverage, mutation testing, architecture tests, and
engineering
Blockchain analytics and DeFi intelligence via Einstein's x402 micropayment services. Use when user wants on-chain market analysis, token research, whale tracking, smart money trac
science
EKS security hardening and best practices. Use when configuring cluster security, implementing pod security, managing secrets, preparing for compliance audits, hardening infrastruc
security
Gestionnaire d'emails Gmail PERSONNELS en français pour scanner, trier et archiver automatiquement les emails de l'INBOX selon des règles prédéfinies. **Utiliser pour TOUS les emai
general
Visual language mode. Emoji + short text for faster scanning and fewer output tokens. Three personalities: friendly, professional (default), nightmare. Use when user says "emoji mo
general
Environment and assets sub-skill for README-first AI repo reproduction. Use when the task is specifically to prepare a conservative conda-first environment, checkpoint and dataset
general
Complete environment and secrets management lifecycle. Covers .env file scaffolding, validation scripts, secret leak detection in git history, credential rotation playbooks, and in
security
Monitors external trends across PESTLE dimensions, detects weak signals of emerging change, develops scenario-based futures, and sets adaptive signposts for early warning. Use when
general
Security-focused pull request and diff review skill for finding newly introduced vulnerabilities, risky regressions, and missing security tests in changed code. Trigger when the us
security
Security remediation skill for fixing confirmed or likely SAST findings in source code. Trigger when the user asks to: "fix a vulnerability", "patch this security bug", "remediate
security
General-purpose Static Application Security Testing (SAST) skill for code vulnerability analysis. Trigger when the user asks to: "analyze code for vulnerabilities", "review code se
security
Serialization and deserialization security review skill for object mappers, parser pipelines, message formats, and state transfer mechanisms. Trigger when the user asks to: "review
security
Threat modeling skill for new features, services, endpoints, or repositories. Trigger when the user asks to: "threat model this", "analyze attack surface", "find abuse cases", "map
security
Use when generating branded QR codes for ProductTank SF events - speaker LinkedIn profiles, sponsor websites, or Slack join links. Handles single/bulk generation, correct logo mapp
tools
Smart Excel/CSV file parsing with intelligent routing based on file complexity analysis. Analyzes file structure (merged cells, row count, table layout) using lightweight metadata
general
Feroxbuster is a high-performance content discovery tool written in Rust that performs forced browsing attacks to enumerate hidden files, directories, and endpoints on web servers.
content
Use when uploading, downloading, managing, or integrating files and documents with Salesforce — covering ContentVersion/ContentDocument, REST multipart uploads, base64 inserts, Fil
general
Implement secure file uploads with validation, size limits, type checking, virus scanning, and UUID naming. Use when handling file uploads like profile photos, documents, or resour
general
Use when designing malware and content scanning for files uploaded to Salesforce (Files, Attachments, ContentVersion) — external scanning service callouts, quarantine patterns, and
security
Screen prompts and responses with input and output scanners before an LLM interaction reaches production users or downstream systems.
general
Detect profitable arbitrage opportunities across CEX, DEX, and cross-chain markets in real-time. Use when scanning for price spreads, finding arbitrage paths, comparing exchange pr
general
Prompt injection and jailbreak detection pack. 16 compiled regex patterns across 3 severity levels (CRITICAL, HIGH, MEDIUM). Supports single-prompt and batch scanning modes.
security
Find cheaper flight routes using hidden-city arbitrage and hub transfer combinations. Activates when users search for flights, find cheap flights, compare routes, or look for budge
engineering
Game-specific security review covering cheat prevention, exploit surfaces, and server authority. Audits client-side authority vulnerabilities (damage, health, currency, cooldown, m
security
Gdpr Compliance Scanner - Auto-activating skill for Security Advanced. Triggers on: gdpr compliance scanner, gdpr compliance scanner Part of the Security Advanced skill category.
security
Generate/update project README by scanning all plugins and tools. Use when user asks to "生成 README", "更新 README", "generate README", "update README".
general
Canonical reference for all gh CLI command shapes used by skills in this plugin. Defines the placeholder convention, allowed --json fields, GraphQL fallback rules, -f/-F/--raw-fiel
tools
Set up and configure Git pre-commit hooks for code quality, secrets scanning, and commit message validation. Use when installing git hooks, configuring pre-commit checks, or enforc
tools
Detects leaked secrets in Git repositories using pattern-based scanning with Gitleaks rule definitions and the GitHub Secret Scanning API. Identifies exposed API keys, tokens, and
security
Scans Git repositories for leaked secrets using Gitleaks, TruffleHog, and custom regex patterns. Detects API keys, AWS credentials, private keys, and database connection strings ac
security
Scans git diffs for exposed secrets using truffleHog entropy detection and custom regex patterns. Integrates with pre-commit hooks and GitHub push protection API for real-time bloc
tools
Git security best practices for 2025 including signed commits, zero-trust workflows, secret scanning, and verification
security
Use when the user wants to create, generate, or set up a GitHub Actions workflow. Handles CI/CD pipelines, testing, deployment, linting, security scanning, release automation, Dock
security
Build production CI/CD pipelines with GitHub Actions. Implements matrix builds, caching, deployments, testing, security scanning. Use for automated testing, deployments, release wo
security
Load GitHub Actions automation workflows documentation including CI/CD pipelines, security scanning, and maintenance automation
security
Utility scripts for GitHub pull request management. Includes tools for fetching bot-generated review comments (linters, security scanners, dependabot), replying to review threads p
security
GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow config
security
Analyze GitHub repository security alerts and generate remediation plans. Use when the user asks to review security alerts, fix vulnerabilities, check dependabot alerts, review cod
security
Creates GitLab CI/CD pipeline templates using Auto DevOps components, Kaniko for container builds, and SAST/DAST security scanning. Supports multi-project pipelines with trigger an
science
Gitleaks is an open-source SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in Git repositories, files, and directories. With 24,000+ GitHub stars and
security
Triage inbox backlog with the Gmail API’s `users.threads`, `users.messages`, and `users.labels` methods so agents can classify and prioritize whole conversations instead of isolate
general
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns. Use when perf
security
Provides CI/CD pipeline configuration using GitHub Actions for Golang projects. Covers testing, linting, SAST, security scanning, code coverage, Dependabot, Renovate, GoReleaser, c
engineering
Classify IP addresses as internet scanners (benign/malicious) or targeted attackers — filters noise from security alerts
security
Scan container images, filesystems, and SBOMs for known vulnerabilities using Anchore Grype. Supports major OS package ecosystems and language-specific packages with EPSS risk scor
security
Expert Harbor container registry administrator specializing in registry operations, vulnerability scanning with Trivy, artifact signing with Notary, RBAC, and multi-region replicat
security
Scans codebases for hardcoded secrets using HashiCorp Vault SDK and truffleHog patterns. Integrates with Vault Transit engine for automatic secret rotation and re-encryption of det
security
KI-Selbstheilung durch systematische Subsystembewertung, Neubalancierung und Integration. Bildet Heilungsmodalitaeten auf KI-interne Prozesse ab: Gedaechtnisfundament, Klarheit des
general
Conduct comprehensive Helm chart security and quality audits with automated checks for security contexts, resource limits, and production readiness. Use when reviewing pull request
engineering
Full repo onboarding — bootstraps test infrastructure (Phase A), wires the CI/CD pipeline (Phase B), and generates a project CLAUDE.md (Phase C). Use when onboarding a new repo, se
security
Combined analysis skill to find viral-worthy highlights from videos. Scans transcripts, detects laughter, analyzes sentiment/emotion, and uses scene changes to identify the most en
growth
Automatically maintain repository cleanliness and organization by scanning for misplaced files, organizing loose scripts, and ensuring professional folder structure
general
Implement HubSpot lint rules, secret scanning, and CI policy checks. Use when setting up code quality rules for HubSpot integrations, preventing token leaks, or configuring CI guar
sales
Infrastructure as Code (IaC) security scanning using Checkov with 750+ built-in policies for Terraform, CloudFormation, Kubernetes, Dockerfile, and ARM templates. Use when: (1) Sca
security
Scans Infrastructure as Code for security misconfigurations. Wraps tfsec for Terraform and Checkov for multi-cloud IaC. Use when user asks to "scan Terraform", "IaC security", "inf
security
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
security
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
security
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection
security
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning,
security
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated
security
Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment
engineering
Open one or more `<tracker>` tracking issues from a markdown file containing a batch of security findings (typically the output of an AI security review or a third-party scanner).
security
Daily industry intelligence scanner. Scans web, social media, news, blogs, and communities for industry-relevant events, trends, and signals. Produces a comprehensive intelligence
content
Comprehensive infrastructure engineering covering DevOps, cloud platforms, FinOps, and DevSecOps. Platforms: AWS (EC2, Lambda, S3, ECS, EKS, RDS, CloudFormation), Azure basics, Clo
engineering
WHEN: Infrastructure security audit, secrets management, network policies, compliance checks WHAT: Secrets scanning + Network policies + IAM/RBAC audit + Compliance validation + Se
security
Test infrastructure configurations and deployments - security scanning with Checkov/tfsec, cost estimation analysis, pre-deployment validation, post- deployment verification, integ
engineering
Provides Infrastructure as Code best practices for Terraform, Pulumi, CloudFormation, and OpenTofu. Use when provisioning infrastructure, writing IaC modules, managing cloud resour
engineering
JASPAR 2024 TF binding profiles via REST API and pyJASPAR. Retrieve PFMs/PWMs by TF name, JASPAR ID, species, or structural class. Scan DNA for TFBS; browse by taxon (human, mouse)
general
VMware vCenter/ESXi read-only monitoring. Code-level enforced safety — no destructive operations exist in this codebase. Use when monitoring VMware infrastructure via natural langu
general
Use when the user wants to learn from external resources (URLs, repos, articles), extract patterns from merged PRs, process a learning queue, configure the daily learning scanner,
content
Comprehensive legacy codebase analysis skill for technical debt assessment, security vulnerability scanning, performance bottleneck detection, and modernization roadmap generation.
security