Search Results: vulnerability-scanning

Found 54 Skills

security-review-2

A general skill for performing security reviews and auditing codebases for vulnerabilities. ALWAYS run this at the end of each task.

🇺🇸|EnglishTranslated

583

Security & Compliancejeffallan/claude-skills

security-reviewer

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.

🇺🇸|EnglishTranslated

Security & Complianceaffaan-m/everything-claud...

security-scan

Scan your Claude Code configuration (.claude/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

algorand-vulnerability-scanner

Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

substrate-vulnerability-scanner

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

ton-vulnerability-scanner

Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

cairo-vulnerability-scanner

Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.

🇺🇸|EnglishTranslated

Security & Compliancehieutrtr/ai1-skills

code-review-security

Security-focused code review checklist and automated scanning patterns. Use when reviewing pull requests for security issues, auditing authentication/authorization code, checking for OWASP Top 10 vulnerabilities, or validating input sanitization. Covers SQL injection prevention, XSS protection, CSRF tokens, authentication flow review, secrets detection, dependency vulnerability scanning, and secure coding patterns for Python (FastAPI) and React. Does NOT cover deployment security (use docker-best-practices) or incident handling (use incident-response).

🇺🇸|EnglishTranslated

1 scripts/Attention

Security & Compliancejorgealves/agent_skills

prompt-injection-scanner

Audits agent skill instructions and system prompts for vulnerabilities to prompt hijacking and indirect injection. Use when designing new agent skills or before deploying agents to public environments where users provide untrusted input.

🇺🇸|EnglishTranslated

Security & Compliancegiuseppe-trisciuoglio/dev...

typescript-security-review

Provides comprehensive security review capability for TypeScript and Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

solana-vulnerability-scanner

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs.

🇺🇸|EnglishTranslated

Security & Compliancesergiodxa/agent-skills

owasp-security-check

Security audit guidelines for web applications and REST APIs based on OWASP Top 10 and web security best practices. Use when checking code for vulnerabilities, reviewing auth/authz, auditing APIs, or before production deployment.

🇺🇸|EnglishTranslated