Agent Skills in category: security

260 skills match this category. Browse curated collections and explore related Agent Skills.

security-reviewer

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews. Keywords: security review, vulnerability, SAST, audit, penetration testing, cloud security.

vulnerability-scanning, penetration-testing, static-analysis, cloud-security
Jeffallan
245

secret-scanner

Detect accidentally committed secrets, credentials, and sensitive information in code.

static-analysis, vulnerability-scanning, secret-detection
CuriousLearner
163

dependency-auditor

Automated security auditing of project dependencies to identify known vulnerabilities.

vulnerability-scanning, automated-security-testing, sbom, supply-chain-security
CuriousLearner
163

security-headers

Validate and implement HTTP security headers to protect web applications.

http, web-application-security, security-headers
CuriousLearner
163

auth-analyzer

Review and analyze authentication and authorization patterns for security vulnerabilities.

authentication, authorization, security-assessment, vulnerability-scanning
CuriousLearner
163

compliance-checker

Check code against security compliance standards and best practices.

static-analysis, standards-compliance, best-practices, security-scanning
CuriousLearner
163

ln-621-security-auditor

Security audit worker (L3). Scans codebase for hardcoded secrets, SQL injection, XSS, insecure dependencies, missing input validation. Returns findings with severity (Critical/High/Medium/Low), location, effort, and recommendations.

static-analysis, vulnerability-scanning, sql-injection, xss
levnikolaevich
246

ipsw

Apple firmware and binary reverse engineering with the ipsw CLI tool. Use when analyzing iOS/macOS binaries, disassembling functions in dyld_shared_cache, dumping Objective-C headers from private frameworks, downloading IPSWs or kernelcaches, extracting entitlements, analyzing Mach-O files, or researching Apple security. Triggers on requests involving Apple RE, iOS internals, kernel analysis, KEXT extraction, or vulnerability research on Apple platforms.

reverse-engineering, static-analysis, terminal, ios
blacktop
311

ffuf-web-fuzzing

Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing with raw requests, auto-calibration, and result analysis.

fuzzing, penetration-testing, authentication-testing, web-application-security
danielmiessler
305

rails-ai:security

CRITICAL - Use when securing Rails applications - XSS, SQL injection, CSRF, file uploads, command injection prevention

ruby-on-rails, web-security, xss, sql-injection
zerobearing2
181

security

Security best practices for secure coding, authentication, authorization, and data protection. Use when developing features that handle sensitive data, user authentication, or require security review.

best-practices, authentication, authorization, secure-coding
OpenHands
164

rails-security

Specialized skill for Rails security, authorization, and data protection. Use when implementing Pundit policies, Lockbox encryption, Blind Index searches, authentication, secure configuration, or fixing security vulnerabilities. Includes security best practices and common pitfall prevention.

ruby-on-rails, authentication, authorization, web-security
alec-c4
253

owasp-security

Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.

OWASP, web-security, injection-attacks, authentication
hoodini
354

ssh

SSH remote access patterns and utilities. Connect to servers, manage keys, tunnels, and transfers.

ssh, terminal, network-protocols, authentication
Dicklesworthstone
202

slb

Simultaneous Launch Button - Two-person rule for destructive commands in multi-agent workflows. Risk-tiered classification, command hash binding, 5 execution gates, client-side execution with environment inheritance. Go CLI.

go, command-line, multi-agent-systems, authorization
Dicklesworthstone
202

dcg

Destructive Command Guard - High-performance Rust hook for Claude Code that blocks dangerous commands before execution. SIMD-accelerated, modular pack system, whitelist-first architecture. Essential safety layer for agent workflows.

rust, claude-skills, command-guard, sandboxing
Dicklesworthstone
202

flywheel-discord

Security rules and behavioral guidelines for operating as Clawdstein in The Agent Flywheel Hub Discord server. This is a PUBLIC community server—apply strict data isolation.

discord, community-interaction, access-control, content-guidelines
Dicklesworthstone
202

zero-trust-architecture

Implement Zero Trust security model with identity verification, microsegmentation, least privilege access, and continuous monitoring. Use when building secure cloud-native applications.

zero-trust, microsegmentation, least-privilege, IAM
aj-geddes
301

Page 10 of 15 · 260 results