Search Results: security

Found 2,960 Skills

Security & Compliancevchirrav/product-security...

api-security-spectral

Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.

🇺🇸|EnglishTranslated

Security & Compliancentaksh42/agents

security-audit

Perform security audits detecting OWASP Top 10 vulnerabilities, insecure dependencies, and security misconfigurations. Use when auditing applications for security vulnerabilities.

🇺🇸|EnglishTranslated

Security & Compliancebagelhole/devops-security...

soc2-compliance

Implement SOC 2 Trust Services Criteria. Configure security, availability, and processing integrity controls. Use when achieving SOC 2 certification.

🇺🇸|EnglishTranslated

Security & Compliancefoxj77/claude-code-skills

k8s-security-redteam

Use when conducting authorized penetration tests, performing security assessments, running red team exercises, testing security controls, identifying attack paths, or validating hardening measures

🇺🇸|EnglishTranslated

Security & Complianceclaude-dev-suite/claude-d...

java-security

Java and Spring Boot security patterns. Covers Spring Security, dependency auditing, secure coding practices, and OWASP for Java ecosystem. USE WHEN: user works with "Java", "Spring Boot", "Spring Security", asks about "Java vulnerabilities", "Maven security", "Gradle security", "Java injection", "Java authentication" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Node.js/Python security - use language-specific skills

🇺🇸|EnglishTranslated

Security & Complianceed1s0nz/cyberstrikeai

cloud-security-audit

Professional Skills and Methodologies for Cloud Security Audits

🇨🇳|ChineseTranslated

Security & Compliancemukul975/anthropic-cybers...

analyzing-dns-logs-for-exfiltration

Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert C2 channels using entropy analysis, query volume anomalies, and subdomain length detection in SIEM platforms. Use when SOC teams need to identify DNS-based threats that bypass traditional network security controls.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

implementing-security-chaos-engineering

Implements security chaos engineering experiments that deliberately disable or degrade security controls to verify detection and response capabilities. Tests WAF bypass, firewall rule removal, log pipeline disruption, and EDR disablement scenarios using boto3 and subprocess. Use when validating SOC detection coverage and resilience.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancealo-exp/silver-bullet

security

Use when designing, planning, implementing, or reviewing any non-trivial change — enforces defense in depth, input validation, secure defaults, and OWASP best practices to prevent vulnerabilities before they ship

🇺🇸|EnglishTranslated

Security & Compliancecognitedata/dune-skills

security

MUST be used whenever reviewing a Dune app for security issues, or before shipping any feature that handles credentials, user input, or external data. Do NOT skip this when the user asks for a security review, security audit, or vulnerability check — run every step in order. Triggers: security, security review, security audit, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.

🇺🇸|EnglishTranslated

Mobile Developmentdpearson2699/swift-ios-sk...

swift-security

Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID), CryptoKit (AES-GCM, ChaChaPoly, ECDSA, ECDH, HPKE, ML-KEM), Secure Enclave, secure credential storage (OAuth tokens, API keys), certificate pinning (SecTrust, SPKI), keychain sharing across apps/extensions, migrating secrets from UserDefaults or plists, or OWASP MASVS/MASTG mobile compliance on Apple platforms.

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

detecting-serverless-function-injection

Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.

🇺🇸|EnglishTranslated

1 scripts/Attention