762 Claude Code skills tagged Scanner. Browse all behavioural skill type-related skills in the open ClaudSkills registry — free to install, one-click via the desktop app.
Showing top 200 of 762 skills, ranked by quality score.
Use when wiring a repo to maintained DETERMINISTIC scanner gates (SAST, dependency-CVE/SBOM, secret-history, IaC/container, mutation, fuzz) that produce ground-truth observables —
security
Run a multi-tool repository quality assessment — git object health, contributor analytics, commit hygiene, hook configuration, secret scanning, module dependency architecture, and
engineering
Atomic Force Microscopy and Scanning Probe Microscopy skill for nanoscale topography, mechanical, and electrical property mapping
general
AWS security configuration scanning and hardening using Prowler, Security Hub, and AWS Config
security
Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
security
Expert-level CodeQL for static analysis, vulnerability detection, and security code scanning
security
Verify that a penetration test has explicit, written, signed authorization before any scanning begins. Reads a Rules-of-Engagement (ROE) attestation file, validates required field
security
Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance
security
Parse the ROE scope definition, enumerate every in-scope target (hostnames, IPs, CIDRs, URLs, cloud accounts, SaaS tenants), validate syntax, detect overlap with out-of-scope or kn
security
Deploy payloads and shell commands fleet-wide using reliable tasking. Execute scripts, collect data, or run commands across all endpoints with automatic handling of offline sensors
security
Full LP workflow from opportunity scanning to position entry. Autonomously finds the best LP opportunity, designs a strategy, assesses risk, executes any needed swaps, enters the p
general
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
security
Git diff forensics for surfacing and classifying code changes for trojan detection
general
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply cha — from th
security
Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
security
Run Checkmarx KICS for Infrastructure as Code security scanning. Use when analyzing Terraform, CloudFormation, Kubernetes, Ansible, Dockerfile, or other IaC for misconfigurations a
security
Scan project dependencies for CVEs, outdated packages, and license compliance across npm, pip, cargo, go, maven, and other ecosystems. Use for vulnerability scanning, SBOM generati
security
Reviews AWS cost optimization findings for accuracy, validates recommendations, and filters false positives using confidence-based scoring. Use after scanning to ensure high-qualit
general
Parses and processes SARIF files from static analysis tools like CodeQL, Semgrep, or other scanners. Triggers on "parse sarif", "read scan results", "aggregate findings", "deduplic
general
Scan a source-code tree for hardcoded credentials embedded in source files: AWS access keys, GitHub tokens, Stripe keys, Slack tokens, Anthropic API keys, OpenAI keys, JWT signing
security
Scanning Electron Microscopy with Energy Dispersive X-ray Spectroscopy skill for morphology and elemental analysis
general
Scanning Tunneling Microscopy skill for atomic-resolution imaging and local density of states measurements
general
Automated technical architecture review, security assessment, scalability analysis
security
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of compro
security
Unified code search via ast-grep (AST structural) + ripgrep (text). TRIGGER when: searching code patterns, finding function calls, AST pattern matching, text keyword search, refact
engineering
Single-pass codebase analysis leveraging Opus 4.6 1M context for comprehensive security scanning, architecture review, and dependency auditing. Loads entire codebases for cross-fil
security
Full-site blog health assessment scanning all blog files for quality scores, orphan pages, topic cannibalization, stale content, and AI citation readiness. Spawns parallel subagent
content
Crawl a domain or sitemap to find broken links (4xx/5xx), orphan pages, and soft-404s — with a prioritised remediation register.
general
Record a vetted Hex package version in hex_vet.exs after a security review — manages the audit ledger, not the scanner. Use to approve a dep after /phx:deps-audit findings or to in
security
Audit all Claude Code skills for compliance with canonical template standards. Use when checking skill quality, validating skill structure, linting SKILL.md files, verifying frontm
general
Generate or refresh coverage manifest for a scanner — lists ALL items in scope so scans can track progress across sessions.
general
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzi — from Jo
engineering
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzi — from en
engineering
OpenSSF-aligned security posture audit across all repos in a GitHub account: default workflow token permissions, allowed-actions policy, branch protection, secret scanning + push p
security
Ghost Security - Secrets and credentials scanner. Scans codebase for leaked API keys, tokens, passwords, and sensitive data. Detects hardcoded secrets and generates findings with s
security
Attack your own system — under explicit authorization — to prove its defenses hold, before launch and continuously after: scope and authorize, recon, scan and enumerate, exploit an
security
Coverage / readability scanner of the haipipe-insight family. Reads the project's probes/ and existing insights/ folders; reports which probes are CONFIRMED and ready for synthesis
general
Manage and interact with MisarDefender — the local macOS security daemon. Use when: checking security daemon status, viewing security events, starting/stopping defender, scanning f
security
Balto platform help — contact center real-time AI guidance with live call coaching, automated QA on 100% of calls, compliance monitoring, and automatic call summarization to CRM. U
sales
Devi AI platform help — Chrome extension for social media lead monitoring across Facebook groups, LinkedIn, X, Reddit, WhatsApp, Telegram, Nextdoor, Bluesky, Threads with AI buying
sales
ReddGrow platform help — Reddit marketing for AI search visibility (GEO) with AI Visibility Scanning across 220+ countries and 4+ AI platforms, AI comment drafting with human revie
sales
VoiceToNotes platform help — AI voice-to-text transcription with real-time capture, AI summaries, grammar correction, OCR scanning, custom prompts, HIPAA compliance, web + iOS + An
sales
Static application security testing (SAST) for changed source files — Vulnetix's built-in rule set plus optional Semgrep augmentation when `.semgrep` config is present. Use when r
security
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and
security
Diagnose and fix scanner problems. Use for "scanner", "scan", "OAuth", "tokens".
general
Triage a security scanner's multi-finding output (read via a pluggable scan-format adapter) and turn findings into security work only after a complete operator-reviewed triage. Rea
security
W3 compliance scanning with structural anti-skip enforcement. Detects auto-skill chaining violations (skills/commands that auto-invoke other skills without user approval) using the
general
Use ONE Bash script instead of N sequential Read calls when analyzing multiple files, auditing codebase, finding all matches, scanning dependencies, counting lines, or listing file
general
Daily threat-intel digest — AI-discovered vulnerabilities, AI-in-the-wild exploitation observations, AI-authored malware families, exploit-trends rollup, vendor-trends month-over-m
security
The repository-evaluation lens: judge whether a repo is worth your time in a few minutes — by SCANNING its dashboards, not reading its code — scoring three axes: ALIVE, HEALTHY, an
general
Convert raw scanner findings into atomic work items in the backlog. Assigns priority, category, effort, and identifies file conflicts.
general
Use when starting an epic's wireframe designs, scanning a frontend for UI components, cataloguing existing routes, or inventorying frontend state. Generates or refreshes the UI Dis
product
Diagnoses what makes code complex and why, using the three-symptom two-root-cause framework. Use when code feels harder to work with than it should but the specific problem is uncl
general
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply cha — from Cl
security
ALWAYS use this skill when the user wants to process, route, OCR, index, or organize documents in their knowledge system. Triggers on: processing an inbox or team-inbox, routing dr
content
Run security scans including SAST, dependency scanning, and secret detection
security
Generate a Makefile for a code directory by scanning scripts for output paths and building dependency rules.
tools
Technical implementation of signal detection and Telegram delivery. Use this skill when you want to set up, configure, start, or debug the signal scanner. Also
general
Deep web research, competitor scanning, technology evaluation, and implementation planning. Decomposes work into vertical slices, identifies parallel workstreams, tracks — from sci
science
Use when you need to add or configure Maven plugins in your pom.xml — including quality tools (enforcer, surefire, failsafe, jacoco, pitest, spotbugs, pmd), security scan — from en
engineering
Security scanner agent for fabrikIQ and other projects. Performs comprehensive security checks. — from tools-only/X-Skills
security
Use when you need to review, improve, or build Spring Boot 4.0.x applications — including proper usage of @SpringBootApplication, component annotations (@Controller, @Ser — from ja
engineering
Accessibility audit skill for scanning, fixing, and verifying WCAG 2.2 Level A and AA compliance across React, Next.js, Vue, Angular, Svelte, and plain HTML codebases. Use when aud
product
Use when you need to run real accessibility tests — Playwright keyboard interactions, axe-core scanning, visual regression, and WCAG 2.2 compliance checks. The measurement layer th
product
Expert in building accessibility scanning tools, rule engines, document parsers, report generators, and audit automation. WCAG criterion mapping, severity scoring, CLI/GUI scanner
product
Professional LaTeX writing assistant. Capabilities include: scanning existing LaTeX templates, reading reference materials (Word/Text), drafting content strictly following template
content
Automated WCAG 2.1 AA accessibility testing with axe-core and Lighthouse CI. Auto-detects frontend framework (React, Next.js, Vue, Angular, Svelte, Astro, Flutter, React Native), d
product
Discover and configure Bluetooth and Wi-Fi accessories using AccessorySetupKit. Use when presenting a privacy-preserving accessory picker, defining discovery descriptors for BLE or
general
Add private functions from game DLLs (server.dll/engine.dll) to metamod plugins using signature scanning and symbol lookup. Use when adding new private function hooks that require
general
Configure CI/CD pipelines for Adobe integrations with GitHub Actions, including OAuth credential injection, PDF Services testing, Firefly API smoke tests, and secret scanning for A
engineering
Implement Adobe-specific lint rules, CI policy checks, and runtime guardrails covering credential scanning (p8_ patterns), Firefly content policy pre-screening, PDF Services quota
tools
Harness-native operator system for agentic work — skills, instincts, memory optimization, security scanning, cross-harness workflows. 205K stars.
security
Cross-project blocker scanner. Reads the user-managed project list, runs the upgraded triage prompt against each registered project (catalog mode), maintains the per-project `.dev/
general
Audit and improve website readiness for AI agents using the Cloudflare "Is It Agent Ready?" scanner (isitagentready.com). Covers scanning via API, interpreting results, generating
engineering
Agentic security patterns for AI agent systems including attack vector defense, sandboxing, input sanitization, security scanning, CVE awareness, and least-privilege tool access. U
security
Security scanning for Agent Skills and MCP servers using Snyk agent-scan. Use when installing new skills, auditing existing skills, reviewing MCP server security, or when user says
security
Run agent evaluation tests via `sf agent test run` against the target org's Testing Center. Produces severity-graded findings; CI mode emits SARIF for GitHub Code Scanning. Persist
engineering
AI agent configuration security scanner — 102 rules across secrets, permissions, hooks, MCP servers, and agent definitions. Detects hardcoded secrets, permission misconfigurations,
security
WHEN: Deep AI-powered code analysis, multi-model code review, security scanning with Codex and Gemini WHAT: Comprehensive code review using external AI models with severity-based f
engineering
AI Innovation Radar — strategic AI innovation scanning and advising system. Auto-trigger on ANY of these cues: 'drop' or pasting Perplexity findings/article batches for evaluation,
content
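AI Agent security detection tool. Scans AI Agents such as OpenClaw for security risks, including API key leakage, skill poisoning, sensitive information disclosure, and configuration risks. Triggers when the user asks about AI security, Agent security, API key leakage, skill risks, security scanning, or security audits.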
security
A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Pyth
security
Performs an initial scan of the Alfworld environment to identify all visible objects and receptacles. Processes raw observation text into a structured list of entities to build a m
general
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when
security
Govern Alibaba Cloud Container Registry (ACR) — Enterprise Edition vs Personal Edition selection, image vulnerability scanning, namespace IAM least privilege, image retention polic
security
Harden Alibaba Cloud security posture via Security Center (threat detection, vulnerability scanning, baseline checks), WAF, Anti-DDoS Pro, Cloud Firewall, and Network Traffic Analy
security
Analyzes the repository for technical debt, including outdated dependencies, dead code, duplication, and architectural inconsistencies. Provides a classified report based on critic
engineering
Multi-layer virus scanning for Aminet packages. Signature-based detection, heuristic hunk analysis, boot block scanning, quarantine management, and scan orchestration. Use when sca
general
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
general
Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing
general
Android BLE hardware integration using the Nordic Semiconductor BLE library (no.nordicsemi.android:ble). Covers UART/GATT service discovery, callbackFlow-based device scanning, con
general
Complete Play Store setup - orchestrates scanning, privacy policy, version management, Fastlane, and workflows (Internal track only)
general
AOSP Part VIII — Connectivity. Use when reasoning about Networking (ConnectivityService, Wi-Fi framework, netd, DNS resolver, VPN, tethering, NetworkSecurityConfig, VCN — from aosp
security
Professional scanner for Binance Futures. SMA 8/21 crossovers.
general
Generate API_CONTRACT.md by scanning existing routes and controllers
general
Discover and document existing API endpoints from code, logs, and traffic analysis
general
Use when the user wants to audit Aptos Move smart contracts, scan Aptos-specific patterns including global storage model, resource accounts, or coin modules, review Aptos DeFi prot
security
Design agent that generates Mermaid diagrams from the architecture index produced by archi-scanner. Generates on demand (never all at once): class diagram
engineering
Systematic completeness audit of Architecture Documentation using 188-item viewpoint-based checklist, severity-classified gap detection, technical debt indicators, and architecture
engineering
Interpret and triage architecture scanner output — cluster findings by module and root cause, classify true positives vs false positives vs acceptable design, and produce a priorit
engineering
Statically scan agent-generated JavaScript and shell scripts for dangerous patterns using AST analysis (acorn/swc). Detect eval(), process.env access, dynamic require(), child_proc
engineering
Audit Popoto Redis models for relationship gaps, missing fields, naming inconsistencies, and architectural weaknesses. Use when reviewing data model health, checking model integrit
general
Puts automated accessibility scans with axe, Lighthouse, Pa11y, or similar tools into context. Explains hits, false positives, false negatives, manual follow-up review, and develop
product
Deploy ECS tasks and services with GitHub Actions CI/CD. Use for building Docker images, pushing to ECR, updating ECS task definitions, deploying ECS services, integrating with Clo
engineering
Scans AWS CloudWatch Logs using the CloudWatch Logs Insights API and CloudWatch Anomaly Detection API. Identifies unusual error patterns, latency spikes, and log volume anomalies a
engineering
Amazon DynamoDB patterns using AWS SDK for Java 2.x. Use when creating, querying, scanning, or performing CRUD operations on DynamoDB tables, working with indexes, batch operations
tools
Use when implementing ANY computer vision feature — image analysis, pose detection, person segmentation, subject lifting, text recognition, barcode scanning.
general
subject not detected, hand pose missing landmarks, low confidence observations, Vision performance, coordinate conversion, VisionKit errors, observation nil, text not recognized, b
general
Vision framework API, VNDetectHumanHandPoseRequest, VNDetectHumanBodyPoseRequest, person segmentation, face detection, VNImageRequestHandler, recognized points, joint landmarks, VN
general
Analyze Azure resource groups and generate detailed Mermaid architecture diagrams showing the relationships between individual resources. USE FOR: create architecture diagram, visu
engineering
Bulk backlog scanner that analyzes the entire finans codebase vs CLAUDE.md, identifies ALL gaps, and generates a comprehensive, prioritized, numbered task backlog. Uses broad→narro
general
Stock momentum scanner and portfolio intelligence. Look up any ticker for momentum scores, RSI, coil breakout patterns, and AI analysis. Scan top signals across 6,500+ stocks and c
security
Competitive intelligence engine that deconstructs competitor positioning, surfaces exploitable weaknesses, and predicts competitive responses. Use when: competitive analysis, compe
security
Automated reconnaissance using BBOT (Black Lantern Security's recursive internet scanner). Use when performing bug bounty recon, attack surface management, subdomain enumeration, w
security
Bearer CLI is an open-source static application security testing (SAST) tool that scans source code to identify, filter, and prioritize security vulnerabilities and privacy risks.
security
Cross-cutting best practices enforcement across code, templates, skills, prompts, scripts, documentation, pages, and design. The enforcement layer that catches violations any speci
security
A fast, configurable secrets scanner built by the creator of Gitleaks and backed by Aikido Security. Betterleaks detects leaked passwords, API keys, and tokens in git repositories,
security
Scans Azure Bicep templates for security misconfigurations and compliance violations. Detects issues like public endpoints, missing encryption, overly permissive access, disabled l
security
Analyzes base-editing screens for variant function. Covers library design (Sanson 2020 GRACE, Hanna 2021 BRCA1/2 SNV scanning, Cuella-Martin 2021), CBE vs ABE chemistry choice (BE3
science
Designs and ranks guide RNAs (sgRNAs) for CRISPR-Cas9/Cas12a gene knockout by scanning a target for PAM sites (NGG SpCas9, NNGRRT SaCas9, TTTV Cas12a, NG SpCas9-NG, near-PAMless Sp
science
Business card scanner + Google Contacts manager. Auto-detects business card images, extracts contact info via OCR (imageModel), confirms with user, saves to Google Contacts with co
general
Document brownfield projects for AI context by scanning source code and generating comprehensive documentation. Detects project type, scans codebase at configurable depth (quick/de
general
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulner
security
Analyzes existing brownfield projects to map documentation to SpecWeave's structure (PRD/HLD/Spec/Runbook). Use when migrating existing projects to SpecWeave, scanning legacy docs,
product
Discover trending topics and content ideas from social feeds for post creation. Use when scanning Twitter timeline or finding content inspiration.
general
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
security
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
security
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
security
Use when implementing Kubernetes security patterns including RBAC, NetworkPolicies, Pod Security Standards, secrets management, image scanning with Trivy, Cosign signing, and Dapr
security
Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, aut
security
Extract contact information from business card images using OCR - name, company, email, phone, address.
general
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay
security
Comprehensive procedures for building and extending Myco's Canopy code intelligence system. Covers agent harness task standardization, three-layer file exclusion models, context in
engineering
Cariddi is a Go-based security tool that takes a list of domains, crawls their URLs, and scans for endpoints, secrets, API keys, file extensions, tokens, and errors. It supports co
security
Secure CAST AI API keys, RBAC configuration, and Kvisor security agent. Use when hardening CAST AI cluster access, configuring security scanning, or implementing API key rotation p
security
Run CDK validation, security scanning, build, test, and deployment. Use when the user asks to test CDK code, validate CDK configurations, run CDK checks, or deploy CDK to a dev env
engineering
Run the full repository compatibility pass: scanner score, startup path, validation loop, and docs reliability.
general
Checkov IaC Scanner is built around Kubernetes orchestration platform. The underlying ecosystem is represented by kubernetes/kubernetes (121,313+ GitHub stars). It gives an agent a
tools
Scans IaC files with Bridgecrew Checkov for policy violations across Terraform, CloudFormation, Kubernetes, and Dockerfile configurations. Supports custom Python-based policy autho
engineering
Create checkpoints from receipt photos using QR scanning, e-Kasa API, and GPS extraction (10-40s) — from general/general-misc
general
Create checkpoints from receipt photos using QR scanning, e-Kasa API, and GPS extraction (10-40s) — from majiayu000/claude-skill-registry
general
Health check — verify dev-core config, GitHub project, labels, workflows, branch protection, secret scanning, CI hardening. Triggers: "checkup" | "health check" | "check setup" | "
security
Design and generate CI/CD pipelines from detected project stack signals. Covers GitHub Actions, GitLab CI, CircleCI, and Buildkite with caching, matrix builds, deployment strategie
engineering
WHEN: CI/CD pipeline review, GitHub Actions, GitLab CI, Jenkins, build optimization WHAT: Pipeline structure + Job optimization + Security scanning + Caching strategy + Deployment
engineering
Diagnose and fix CI/CD pipeline failures, test errors, GitHub Actions issues, and code scanning alerts.
engineering
Audits CircleCI orb dependencies using the CircleCI v2 API and orb registry. Detects outdated orb versions, deprecated commands, and known CVEs in orb executor images via Trivy sca
engineering
Scans CircleCI config.yml for outdated orb versions using the CircleCI Orbs Registry API. Reports CVEs linked to orb dependencies via Snyk vulnerability database lookups.
engineering
Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing
security
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semg
security
Pure local 2026 ClawHub/OpenClaw skill scanner. Detects ClawHavoc malware, MCP backdoors, obfuscated payloads, and supply-chain attacks. 100% read-only analysis.
security
Defense-in-depth security for AI-assisted development. Pre-commit secret scanning (Gitleaks + native fallback), repo-wide pattern detection, token lifecycle management, and AI agen
security
Pre-production security audit and vulnerability scanning. Run Snyk + Aikido dependency scans, OWASP analysis, and set up automated GitHub security checks with Jules. Use when asked
security
Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming language
tools
Detect hardcoded values, magic numbers, and leaked secrets. TRIGGERS - hardcode audit, magic numbers, PLR2004, secret scanning.
general
Security-focused code review for OpenSite/Toastability platform. Use when reviewing PRs for security issues, auditing new API endpoints, checking for HIPAA/SOC2 compliance violatio
security
Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and re — from Al
engineering
Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and re — from bg
engineering
Automated code review with security scanning, quality metrics, and best practices analysis. Use when reviewing code for: (1) Security vulnerabilities and common attack vectors, (2)
engineering
Review code with security scanning, complexity analysis, and auto docs. Use when auditing codebases, suggesting refactors, or enforcing standards.
engineering
Comprehensive code security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and
security
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnera — from se
security
Use when checking a repository's .coderabbit.yaml (or .coderabbit.yml) to determine whether inheritance: true is set
general
Configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning. Use when setting up security review rules, configuring secret detection in P
security
Find missed token savings by scanning AI coding session files for commands that ran without tokf filtering.
general
VMware vCenter/ESXi read-only monitoring. Code-level enforced safety — no destructive operations exist in this codebase. Use when monitoring VMware infrastructure via nat — from Da
general
Scans a repo for disciplines that exist only in prose, convention, or agent memory but are NOT enforced by executable code, then codifies each into the right surface — a script, a
general
Finds easily misunderstood German-English legal terms and suggests safe wording for contracts and memos.
general
Deep research on any company by scanning their public website to extract customers, partners, case studies, testimonials, key metrics, and competitive positioning. Produces a polis
science
Use when the user wants to set up ongoing competitor monitoring — define competitors to track, configure scanning frequency, enable change detection alerts, and establish competiti
general
Generate docker-compose.yml by scanning your project. Use when containerizing an existing app.
engineering
Configure code scanning in Harness pipelines using STO security scanners. Helps identify where to inject SAST/SCA scanning steps into existing pipelines, recommends appropriate sca
security
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning co
security
Scans Docker and OCI container images for vulnerabilities using Trivy JSON output and the Docker Hub API v2 for image metadata. Analyzes base image layers via Syft SBOM generation
security
Manage container registries (Docker Hub, ECR, GCR) with image scanning, retention policies, and access control.
engineering
Scans containers and Dockerfiles for security issues. Wraps Hadolint for Dockerfile linting and Trivy for container image scanning. Use when user asks to "scan Dockerfile", "lint D
security
Comprehensive container security guidance including vulnerability scanning with Trivy, image hardening, secrets management, and CIS benchmark compliance. Activates when working wit
security
Harden Docker/container images and runtime deployments with secure base images, non-root users, CVE scanning, SBOM/signing, seccomp/AppArmor, and Kubernetes pod security controls.
security
Create or update a task context dump document by scanning existing content and appending only new, non-duplicative progress. Use only when the user explicitly requests a context du
general
Validate cross-episode continuity by scanning scenes for invented details, contradictions, and timeline violations. Use after scene creation/editing to detect continuity errors. Tr
general
Copy-pasteable Continuum patterns — RAG, plan-and-execute, ReAct, multi-tenant agents, FastAPI integration, structured output, prompt-injection scanning, custom containers. Invoke
content
Read and write NFC tags using CoreNFC. Use when scanning NDEF tags, reading ISO7816/ISO15693/FeliCa/MIFARE tags, writing NDEF messages, handling NFC session lifecycle, configuring
general
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm
security
Code Query with AI-enhanced deterministic analysis via SplitMix ternary classification
security
Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security — from ank
security
Create and run custom background analysis workers with composable phases. Use when you need automated code analysis, security scanning, pattern learning, or API documentation gener
security
Discover all customers of a given company by scanning websites, case studies, review sites, press, social media, job postings, and more. Use when you need competitive intelligence
general
Remediate dependency vulnerability scanner failures by verifying live package registry data and upgrading instead of suppressing. Use when an SCA / CVE tool fails or files an alert
security
Run deterministic CWE Top 25 checks (Semgrep + custom rules) before and after edits to enforce Constitution principle 7 at G2 Validate. Activate on file edits at risk moderate or h
general
Scan your codebase to extract design tokens, detect framework, discover components, and configure preferred libraries. Run once per project before /d2c-build. Use when setting up d
general
Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering
security
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues a
security
Dynamic Application Security Testing with two tiers: Nuclei (fast, template-based) and ZAP (deep, active scanning via Docker). Use when asked to scan for vulnerabilities, run a sec
security
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correla
security
Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1
security
Local-first data asset manager — scan, classify, and report on your data before deciding what to share. Use when user mentions scanning files, classifying data, data inventory, or
general
Detection rules and grep patterns for database performance anti-patterns. Use when scanning codebase for N+1 queries, sequential queries, or connection pool issues.
general
Deal intelligence assistant that combines Attio CRM, Gmail, Granola, and Extruct AI signal monitoring to answer questions about deals, contacts, and pipeline. Supports deal analysi
general
Deep directory traversal, dependency analysis, env var discovery, and architecture summarization. Returns partial JSON for the parent scanner to assemble.
engineering
Enforces dependency health rules (DEP-1 through DEP-5). Loaded by the conductor for dependency update operations and CI full-check runs. Detects known vulnerabilities, version lag,
security
SKILL.md files, not affiliated with, endorsed by, or sponsored by Anthropic.