Loading...
Loading...
Found 90 Skills
Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
Run tfsec (now part of Trivy) to scan Terraform code for security misconfigurations. Deep HCL analysis with support for Terraform modules, variables, and expressions.
Run Dockle to audit container images against CIS Docker Benchmark and best practices. Checks for running as root, sensitive files, HEALTHCHECK, and more.
Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
Daily coding assistant that auto-triggers when writing/modifying code, providing a core checklist. ✅ Trigger scenarios: - Implementing new features, adding code, modifying existing code - User requests "write a...", "implement...", "add...", "modify..." - Any coding task involving Edit/Write tools ❌ Does not trigger: - Pure reading/understanding code (no modification intent) - Already covered by specialized skills (bug-detective, architecture-design, tdd-guide) - Configuration file changes, documentation writing
Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
Expert at securing web applications against OWASP Top 10 vulnerabilities. Covers authentication, authorization, input validation, XSS prevention, CSRF protection, secure headers, and security testing. Treats security as a first-class requirement, not an afterthought. Use when "security, OWASP, XSS, CSRF, SQL injection, authentication security, authorization, input validation, secure headers, vulnerability, penetration testing, security, owasp, authentication, authorization, xss, csrf, injection, headers" mentioned.
Prevent Cross-Site Scripting (XSS) attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content in web applications.
Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like "check for SQL injection" or "review security".
Expert-level application security, OWASP Top 10, penetration testing, and security best practices