Found 2,968 Skills
Entry P1 category router for API security. Use when choosing between API recon, authorization, token abuse, and hidden-parameter workflows before any deeper API topic skill.
Use when assessing or reviewing Kubernetes workloads running on Amazon EKS for best practice compliance, including pod configuration, security posture, observability, networking, storage, image security, and CI/CD practices. Requires kubectl and awscli access to the target cluster. Triggers on "assess my EKS workloads", "check k8s best practices", "assess container workloads", "evaluate pod security", "workload compliance check", "EKS workload assessment", "检查 K8s 工作负载", "评估容器最佳实践", "审计 EKS 应用", "检查 Pod 配置", "容器安全评估", "工作负载合规检查".
Automated code review and analysis. Use when: user wants to review code changes, check for issues, analyze complexity, or perform security scans.
Threat modeling methodologies (STRIDE, PASTA, LINDDUN), attack tree analysis, common attack patterns (OWASP Top 10, CWE), risk assessment frameworks, and security architecture patterns
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container security scanning, dependency vulnerability management, and common vulnerability tools (Snyk, Trivy, OWASP ZAP, SonarQube)
Reviews code for quality, security, tests, and project standards (PEP 8, type hints, VERSION, Docker, funcoes.md). Use when reviewing pull requests, code changes, or when the user asks for a code review or quality check.
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
Code review and audit system with specialized sub-skills covering SOLID principles, security, performance, architecture, error handling, testing, code smells, design patterns, and framework best practices. Generates severity-scored findings with copy-pasteable fix prompts. Strictly read-only — never modifies user code. Use when user says "review", "audit", "code review", "check my code", "security scan", "code smells", "SOLID check".
Use these skills when you need to monitor replication health, manage sync states between nodes, and audit database roles and security settings to ensure environment integrity.
Add Arcjet Guard protection to AI agent tool calls, background jobs, queue workers, and other code paths where there is no HTTP request. Covers rate limiting, prompt injection detection, sensitive information blocking, and custom rules using `@arcjet/guard` (JS/TS) and `arcjet.guard` (Python). Use this skill whenever the user wants to protect tool calls, agent loops, MCP tool handlers, background workers, or any non-HTTP code from abuse — even if they describe it as "rate limit my tool calls," "block prompt injection in my agent," "add security to my MCP server," or "protect my queue worker" without mentioning Arcjet or Guard specifically. Uses the Arcjet CLI (`npx @arcjet/cli` or `brew install arcjet`) for authentication and site/key setup.
Read a GitHub Issue, create a detailed plan in `_/local-plans/<issue-number>-<slug>.md`, and implement the code **after user approval**. After implementation, perform a security review (OWASP Top 10) → run tests → commit using Conventional Commits. Used for implementation requests where an Issue number or URL is provided, such as "Implement Issue #N" or "Start working on this Issue".
Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.