Loading...
Loading...
Found 34 Skills
Run Anchore Grype for SCA vulnerability scanning on filesystems and container images. Matches dependencies against multiple vulnerability databases (NVD, GitHub, OS advisories).
Security auditing for Rust/WebAssembly applications. Identifies vulnerabilities, reviews unsafe code, validates input handling, and ensures secure defaults. Follows OWASP guidelines and Rust security best practices.
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
Security architecture and threat modeling. OWASP Top 10 analysis, security pattern implementation, vulnerability assessment, and security review for code and infrastructure.
Use this agent when you need to perform security audits, vulnerability assessments, or security reviews of code. This includes checking for common security vulnerabilities, validating input handling, reviewing authentication/authorization implementations, scanning for hardcoded secrets, and ensuring OWASP compliance. <example>Context: The user wants to ensure their newly implemented API endpoints are secure before deployment.\nuser: "I've just finished implementing the user authentication endpoints. Can you check them for security issues?"\nassistant: "I'll use the security-sentinel agent to perform a comprehensive security review of your authentication endpoints."\n<commentary>Since the user is asking for a security review of authentication code, use the security-sentinel agent to scan for vulnerabilities and ensure secure implementation.</commentary></example> <example>Context: The user is concerned about potential SQL injection vulnerabilities in their database queries.\nuser: "I'm worried about SQL inj...
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows. Trigger with 'validate authentication', 'check auth security', or 'review login'.
Load PROACTIVELY when task involves security review, vulnerability assessment, or hardening. Use when user says "check for security issues", "audit for vulnerabilities", "scan for secrets", "review auth security", or "check OWASP compliance". Covers authentication and session security, authorization and access control, input validation and injection prevention, data protection and encryption, dependency vulnerability scanning, API security (CORS, rate limiting, headers), and infrastructure hardening. Produces structured reports with severity ratings.
Security analysis, vulnerability assessment, and security code reviews
Use when conducting authorized penetration tests, performing security assessments, running red team exercises, testing security controls, identifying attack paths, or validating hardening measures