Found 22 Skills
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.
Use when explicitly asked to run the security-reviewer subagent or when another skill requires the security-reviewer agent card.
Configure an AI agent to send OpenTelemetry traces to Coval. Use when a user wants to add Coval tracing, instrument an agent for simulations or conversation monitoring, make traces show up in Coval, handle SIP/PSTN/WebSocket trace correlation, or replace the one-command wizard with a security-reviewable manual setup.
Execute a complete, deterministic, read-only repository audit and produce a single `improvements.md` action plan with traceable findings (file + lines), severity, category, impact, and high-level fixes. Use when users ask for full code audits, security/performance/architecture reviews, file-by-file analysis, or technical debt mapping without modifying project files.
Comprehensive code review criteria covering correctness, readability, maintainability, security, performance, and testing. Reference when reviewing code changes or preparing code for review.
Review orchestrator: assess your application and recommend the right combination of design, security, privacy, compliance, resilience, performance, SEO, and GEO reviews.
Server-side architecture and security — API design, error handling, validation, logging. Use when building APIs, server logic, or reviewing backend security.
Comprehensive multi-stage code review using specialized subagents. Use when reviewing PRs with complex architectural impact, security concerns, or when thorough multi-perspective analysis is needed.
This skill should be used when the user asks to "review code", "review PR", "code review", "audit code", "check for bugs", "security review", "review my changes", "find issues in this code", "review the diff", or asks for pull request review or code audit.
Audit Flux CD GitOps repositories for structure, security, API compliance, and best practices. Use this skill whenever the user asks to audit, analyze, review, validate, or check a GitOps repository. Also use it when users mention Flux repo structure, GitOps best practices, manifest validation, deprecated APIs, security review, or repository organization — even if they don't explicitly say "audit".
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.
Check installed community skills for updates. Shows a diff and requires explicit approval before applying. Use when the user says "check for updates", "update my skills", "anything new for my installed skills", or when invoked from the registry-sync agent.