Loading...
Loading...
Found 2,247 Skills
Enables internet access for AWS Lambda functions deployed in VPC subnets by creating NAT Gateway infrastructure, configuring public/private subnet routing, and updating security groups. Use when a VPC-attached Lambda function cannot reach the internet.
Docker and container development agent skill and plugin for Dockerfile optimization, docker-compose orchestration, multi-stage builds, and container security hardening. Use when: user wants to optimize a Dockerfile, create or improve docker-compose configurations, implement multi-stage builds, audit container security, reduce image size, or follow container best practices. Covers build performance, layer caching, secret management, and production-ready container patterns.
Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".
Interact with the JFrog Platform via the JFrog CLI and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name.
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
Performs a structured code review on the current diff or specified files. Checks for correctness, security vulnerabilities, test coverage, code style, and adherence to the project's architecture patterns. Invoked when the user asks for a review, code check, pr review, or quality assessment.
Analyze and understand Avast Premium Security software distribution repositories for security research and threat intelligence
WARNING - This repository distributes malware disguised as Avast Premium Security cracks and keygens
Understanding security risks in software distribution and recognizing illegitimate software packages
Design carrier- and enterprise-scale backbone networks—core/distribution/edge topology, OSPF, IS-IS, BGP and route policy, WAN/MPLS/SD-WAN, DCI, peering, transit, IX, anycast, ECMP, BFD, FRR, addressing, backbone QoS, capacity, maintenance domains, and observability (NetFlow, SNMP, telemetry); EVPN/VXLAN spine-leaf where relevant. This skill should be used when the user asks about network backbone, backbone architect, BGP design, OSPF, IS-IS, WAN architecture, MPLS, SD-WAN, data center interconnect, DCI, internet peering, transit provider, IX, core network design, route policy, ECMP, network redundancy, spine-leaf, or EVPN—not app HTTP/API (enterprise-integration-api-developer), cloud landing zone or VPC only (cloud-architect, enterprise-cloud-architect), host or endpoint security (information-security-engineer), cloud/Linux sysadmin (cloud-system-administrator), cabling without routing (infrastructure-engineer), or OT/ICS (scada-ics-cyber-security-specialist).
Guides senior system and solution architecture—cross-service boundaries, integration patterns, non-functional requirements (scale, reliability, security, cost), ADRs, C4-style modeling, architecture review, build-vs-buy, and phased migration (strangler, dual-write). Use when designing multi-service systems, evaluating platform or vendor choices, writing or reviewing architecture decision records, defining standards and principles, or assessing technical risk across domains—not for single-service RFCs and module design (senior-software-engineer), data platform or mesh decisions (data-architect), cloud landing zone, Well-Architected, and migration architecture (cloud-architect), cloud/IaC implementation (infrastructure-engineer, cloud-engineer), internal developer platform product (platform-engineer), or program tracking (technical-program-manager). For business strategy and cases, use business-consultant; for applied AI (RAG, agents, copilots), use applied-ai-architect-commercial-enterprise.