Loading...
Loading...
Found 2,241 Skills
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.
Detect and analyze potential malware distribution repositories masquerading as legitimate security software
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Technology stack evaluation and comparison with TCO analysis, security assessment, and ecosystem health scoring. Use when comparing frameworks, evaluating technology stacks, calculating total cost of ownership, assessing migration paths, or analyzing ecosystem viability.
Use when reviewing code, pull requests, or diffs. Provides patterns, checklists, and templates for systematic code review with a focus on correctness, security, readability, performance, and maintainability.
Creates repeatable security review checklist for PRs with required checks, common pitfalls, and automated gating. Use for "security review", "PR checklist", "code review", or "security gates".
Guidelines for building Python cybersecurity tools with secure coding practices, async scanning, and structured security testing.
Security review and guidance for iOS, macOS, and watchOS apps. Covers secure storage, biometric authentication, network security, and platform-specific patterns. Use when implementing security features or reviewing code for vulnerabilities.
Run Opengrep for pattern-based code search and security scanning. Use when grep is insufficient for finding code patterns that require structural understanding (function calls, data flow, nested structures). Also use for security vulnerability detection with custom YAML rules.
Security engineering that protects applications, data, and users from real-world threatsUse when "security, authentication, authorization, encryption, OWASP, vulnerability, XSS, SQL injection, CSRF, secrets, password, JWT, OAuth, permissions, audit, compliance, security, authentication, authorization, encryption, vulnerabilities, OWASP, compliance, audit" mentioned.
Research-backed code review skill with OWASP Top 10 security checks, SAST tool integration (SonarQube, CodeQL, Snyk), performance pattern detection, and automated quality standards enforcement. Auto-invoked for code review, security audit, PR analysis, and bug checking. Implements 2025 best practices with 92% faster vulnerability remediation.
Resolve npm dependency vulnerabilities detected by security scans.