Loading...
Loading...
Found 386 Skills
Scan the codebase for potential secret leaks including API keys, tokens, passwords, hardcoded project IDs, and sensitive identifiers. Use when the user says "check for secrets", "scan for leaks", "security check", or before committing sensitive changes.
This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.
Comprehensive system health scanner that checks security risks, performance metrics, and optimization opportunities. Works on Windows, macOS, and Linux.
Cross-cutting infrastructure security audit skill that checks cloud infrastructure, DNS, TLS, endpoints, access control, network security, containers, CI/CD pipelines, secrets management, logging, and physical security against ALL major compliance frameworks. Use for infrastructure audit, cloud security audit, infrastructure compliance, DNS security audit, TLS audit, endpoint security, access control audit, network security assessment, infrastructure security, cloud compliance, Vanta alternative, compliance automation, security posture assessment, hardware security keys, YubiKey compliance.
Produce a report-only HIPAA, PHI, and PII audit for healthcare codebases and delivery systems. Inspects code, configs, data flows, integrations, logging, and deployment boundaries for privacy and security gaps without modifying code.
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.
Review the current branch diff for real bugs and security issues, verify findings against surrounding code, and report only issues that survive context checks. Runs as a forked review workflow so the audit has separate reasoning budget and stays isolated from the main task flow. Use when the user asks to find bugs, review changes, or audit branch risk.
Perform read-only reviews of code changes (`git diff`) for quality, architecture compliance, and security (OWASP Top 10) by delegating to Agent tools. Use for self-reviews before committing/creating PRs, or when requesting "review changes" or "code review". Use implement-review-pr for GitHub PR reviews.
Adversarial code review that breaks the self-review monoculture. Use when you want a genuinely critical review of recent changes, before merging a PR, or when you suspect Claude is being too agreeable about code quality. Forces perspective shifts through hostile reviewer personas that catch blind spots the author's mental model shares with the reviewer.
Validate code quality, test coverage, performance, and security. Use when verifying implemented features meet all standards and requirements before marking complete.
Expert-level code review focusing on quality, security, performance, and maintainability. Use this skill for conducting thorough code reviews, identifying issues, and providing constructive feedback.