Loading...
Loading...
Found 2,968 Skills
Produce a report-only HIPAA, PHI, and PII audit for healthcare codebases and delivery systems. Inspects code, configs, data flows, integrations, logging, and deployment boundaries for privacy and security gaps without modifying code.
Authors, reviews, installs, and debugs GitHub Agentic Workflows in repositories, including workflow markdown, frontmatter, gh aw compile and run flows, safe outputs, security guardrails, and operational patterns. Use when creating or maintaining GH-AW automation. Don't use for standard deterministic GitHub Actions YAML, generic CI pipelines, or non-GitHub automation systems.
Install, configure, and operate Strix for AI-driven application security testing. Use when you need to run authorized vulnerability scans against local codebases, GitHub repositories, staging URLs, domains, or CI pipelines; configure Docker and LLM providers; choose quick, standard, or deep scan depth; or pass authenticated testing instructions to Strix. Triggers on: strix, ai pentest, vulnerability scan cli, appsec scan, bug bounty automation, strix ci, strix docker, strix scan mode, strix instruction file, headless security scan.
Think and act like an attacker to identify security vulnerabilities, weaknesses, and penetration vectors through adversarial security testing
· Write, review, or architect CI/CD pipelines -- GitHub Actions, GitLab CI, Forgejo. Covers pipeline security, SHA pinning, SBOM, and runner configuration. Triggers: 'ci/cd', 'pipeline', 'github actions', 'gitlab ci', 'forgejo', '.github/workflows', 'runner', 'sha pinning'.
Use when hardening npm supply chain, pinning dependency versions, adding .npmrc security flags, or setting up Renovate and audit workflows. Locks down install-time scripts, registries, version ranges, and CI checks.
Solution skill for using WAF to protect web applications on ECS. Used for quickly deploying network environments including VPC, security groups, and ECS instances, and integrating WAF for web application protection. Trigger words: "WAF protection", "ECS web protection", "Web Application Firewall", "website security"
Query and handle security risk events from Alibaba Cloud Data Security Center. Supports viewing the list of unprocessed risk events and performing manual handling operations on risk events. Trigger words: "Data Security Center", "security risk events", "DSC", "risk handling", "DescribeRiskRules", "PreHandleAuditRisk"
This skill should be used when the user asks to "plan a red team engagement", "scope a penetration test", "design a security assessment methodology", "create rules of engagement", or "plan an adversary simulation".
Ascend C Code Inspection Skill. Conduct security specification inspection on code based on the hypothesis testing methodology. When calling, you must clearly provide: code snippets and inspection rule descriptions. TRIGGER when: Users request code inspection, code review, ask code security questions, check coding specifications, or need to check specific code issues (such as memory leaks, integer overflows, null pointers, etc.). Keywords: Ascend C, code inspection, code review, security specification, memory, pointer, overflow, leak, coding specification.
Guides discovery and documentation of Solana DeFi protocol risks from public code and chain state—Anchor/native programs, PDAs, CPIs, oracles, pools, SPL mechanics, and historical tx reconstruction. Use when the user asks for Solana program security review, DeFi vulnerability triage, PDA or CPI safety, oracle or liquidity-pool risk, launchpad/bonding-curve issues, or evidence-backed severity findings without exploits or private keys.
Managing third-party dependencies — version pinning, security auditing, license compliance, update workflows, lockfile management, supply chain security. Activate on "npm audit", "dependabot", "renovate", "pin versions", "dependency update", "supply chain", "license compliance", "lockfile", "security advisory", "typosquatting", "SBOM". NOT for internal monorepo package management (use monorepo-management) or publishing your own packages to npm/PyPI.