Found 2,001 Skills
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
Multi-Model Collaboration — Invoke gemini-agent and codex-agent for auxiliary analysis

**Trigger Scenarios** (Proactive Use):
- In-depth code analysis: algorithm understanding, performance bottleneck identification, architecture sorting
- Large-scale exploration: 5+ files, module dependency tracking, call chain tracing
- Complex reasoning: solution evaluation, logic verification, concurrent security analysis
- Multi-perspective decision-making: requiring analysis from different angles before comprehensive judgment

**Non-Trigger Scenarios**:
- Simple modifications (clear changes in 1-2 files)
- File searching (use Explore or Glob/Grep)
- Read/write operations on known paths

**Core Principle**: You are the decision-maker and executor, while external models are consultants.
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.
Elasticsearch and Elastic APM integration with Serilog structured logging for .NET applications. Use when: (1) Implementing or configuring Serilog with Elasticsearch sink, (2) Setting up Elastic APM with data streams and authentication, (3) Creating logging extension methods in Infrastructure layer, (4) Enriching logs with app-name and app-type properties, (5) Configuring log levels and environment-specific logging, (6) Questions about logging security (PII, credentials), or (7) Troubleshooting observability and monitoring setup.
Comprehensive guide for building Model Context Protocol (MCP) servers with support for tools, resources, prompts, and authentication. Use when: (1) Creating custom MCP servers, (2) Integrating external APIs with Claude, (3) Building tool servers for specialized domains, (4) Creating resource providers for documentation, (5) Implementing authentication and security
Kubernetes security policies, RBAC, and Pod Security Standards for hardened cluster deployments. Use when implementing cluster security, defining network policies, or enforcing security compliance in Kubernetes environments.
Use when writing, reviewing, or refactoring WordPress PHP code. Covers WordPress Coding Standards (WPCS), naming conventions, Yoda conditions, $wpdb usage, escaping with esc_html/esc_attr/esc_url, wp_kses, hooks (add_action, add_filter, apply_filters, do_action), i18n functions (__(), _e(), _x(), _n()), wp_enqueue_script, wp_enqueue_style, formatting rules, deprecated function replacements, and WordPress API best practices. For security see wp-security; for performance see wp-performance; for blocks see wp-blocks.
WHEN: Dockerfile review, multi-stage builds, layer optimization, docker-compose
WHAT: Image optimization + Layer caching + Security scanning + Compose best practices + Build efficiency
WHEN NOT: Kubernetes → k8s-reviewer, Terraform → terraform-reviewer
Threat modeling methodologies (STRIDE, DREAD), attack trees, threat modeling as code, and integration with SDLC for proactive security design
Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.
Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).
Guide for implementing MongoDB - a document database platform with CRUD operations, aggregation pipelines, indexing, replication, sharding, search capabilities, and comprehensive security. Use when working with MongoDB databases, designing schemas, writing queries, optimizing performance, configuring deployments (Atlas/self-managed/Kubernetes), implementing security, or integrating with applications through 15+ official drivers. (project)