Loading...
Loading...
Found 44 Skills
Performs comprehensive codebase audit checking architecture, tech debt, security vulnerabilities, test coverage, documentation, dependencies, and maintainability. Use when auditing a project, assessing codebase health, running security scans, checking for vulnerabilities, reviewing code quality, analyzing tech debt, or asked to audit/analyze the entire codebase.
This skill should be used when analyzing technical debt in a codebase, documenting code quality issues, creating technical debt registers, or assessing code maintainability. Use this for identifying code smells, architectural issues, dependency problems, missing documentation, security vulnerabilities, and creating comprehensive technical debt documentation.
Comprehensively reviews Python libraries for quality across project structure, packaging, code quality, testing, security, documentation, API design, and CI/CD. Provides actionable feedback and improvement recommendations. Use when evaluating library health, preparing for major releases, or auditing dependencies.
Review Python dependencies for known security advisories, stale version pins, and unsafe upgrade paths. Use when users ask for dependency security reviews, requirements or lockfile audits, upgrade planning, pre-release risk checks, or remediation prioritization for Python projects.
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Java and Spring Boot security patterns. Covers Spring Security, dependency auditing, secure coding practices, and OWASP for Java ecosystem. USE WHEN: user works with "Java", "Spring Boot", "Spring Security", asks about "Java vulnerabilities", "Maven security", "Gradle security", "Java injection", "Java authentication" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Node.js/Python security - use language-specific skills
Audit project dependencies for risk when the user asks to check dependencies, audit packages, review dependency health, check for vulnerabilities, or assess supply chain risk
Detect package managers and discover outdated or vulnerable dependencies. Returns structured findings without upgrading. Use when the user asks to "review dependencies", "check for outdated packages", "check dependencies", "scan dependencies", or "dependency review".
Execute this skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. it identifies security vulnerabilities in code, dependencies, and configurations, including cve detection. use this skill when the user asks to scan fo... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
Manage project dependencies effectively. Use when adding, updating, or auditing dependencies. Covers version management, security scanning, and lockfiles.
Scan code repositories for security threats including data exfiltration, backdoors, malicious code injection, dependency chain risks, and sensitive file access. Use this skill when users want to audit a codebase (especially TypeScript/JavaScript/Node.js projects) for security vulnerabilities, detect hidden malware, review npm dependencies for supply-chain attacks, check for credential leaks, or perform a pre-deployment security review. Triggers on requests like "scan for malicious code", "security audit", "check for backdoors", "review dependencies for vulnerabilities", "detect data exfiltration".
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.