Loading...
Loading...
Found 114 Skills
Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
Detect common Python vulnerabilities such as SQL injection, unsafe deserialization, and hardcoded secrets. Use as part of a secure SDLC for Python projects.
Scan for unprotected MCP servers using @contextware/mcp-scan package. Enables security auditing of local AI tools and network endpoints.
Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use after running commit-security-scan to confirm vulnerabilities.
WHEN: Performance analysis, bundle size optimization, rendering, Core Web Vitals, code splitting WHAT: Bundle analysis + large dependency detection + re-render issues + useMemo/useCallback suggestions + LCP/FID/CLS improvements WHEN NOT: Code quality → code-reviewer, Security → security-scanner
Install Claude skills from GitHub repositories with automated security scanning. Triggers when users want to install skills from a GitHub URL, need to browse available skills in a repository, or want to safely add new skills to their Claude environment.
Run Semgrep static analysis for fast security scanning and pattern matching. Use when asked to scan code with Semgrep, write custom YAML rules, find vulnerabilities quickly, use taint mode, or set up Semgrep in CI/CD pipelines.
Detect security misconfigurations in config files, Docker, and IaC. Use when reviewing configuration security for containers, Kubernetes, Terraform, or application settings.
This skill should be used when the user asks to "verify code", "run verification", "check quality", "validate changes", or before creating a PR. Provides comprehensive verification including build, type check, lint, tests, security scan, and diff review.