Found 349 Skills
OWASP Top 10 security vulnerabilities and mitigations. Use when conducting security audits, implementing security controls, or reviewing code for common vulnerabilities.
OWASP Security Checklist
Universal security and robustness scanner for any codebase. Use when auditing code for vulnerabilities, security issues, bugs, or robustness problems. Automatically detects tech stack, creates custom audit plans, and performs recursive deep analysis.
Use when explicitly asked to run the security-reviewer subagent or when another skill requires the security-reviewer agent card.
Validate code quality, test coverage, performance, and security. Use when verifying implemented features meet all standards and requirements before marking complete.
Reviews pull requests and code changes for quality, security, and best practices. Use when user asks for code review, PR review, or mentions reviewing changes.
Perform automated code reviews with best practices, security checks, and refactoring suggestions. Use when reviewing code, checking for vulnerabilities, or analyzing code quality.
Review code changes from multiple specialist perspectives in parallel. Use when you want a thorough review of a PR, branch, or set of changes covering security, performance, correctness, edge cases, and ripple effects. Spawns parallel reviewer agents that each focus on a different lens, then synthesizes into a unified review.
Rummage through code with curious precision, inspecting every corner for security risks and cleaning up what doesn't belong. Use when auditing security, finding secrets, removing dead code, or sanitizing before deployment.
Reverse-engineer a product into a mechanically verifiable feature catalog + code map + specs using an RPI-style loop. Triggers: reverse engineer product, catalog full feature set, docs->code mapping, feature inventory, code map, “Ralph loop”, SaaS boundary mapping, security audit reverse engineering, authorized binary analysis.
Comprehensive thoroughness framework. Auto-invoked when planning features, implementing code, fixing bugs, writing tests, analyzing existing code, auditing features, reviewing architecture, or investigating issues. Forces systematic consideration of all edge cases, failure modes, error scenarios, security implications, state transitions, and hidden assumptions so nothing gets missed. Do NOT invoke for trivial changes like typos, renames, single-line fixes, adding imports, or updating config values.
Creates and manages Prowler compliance frameworks. Trigger: When working with compliance frameworks (CIS, NIST, PCI-DSS, SOC2, GDPR, ISO27001, ENS, MITRE ATT&CK).