Found 2,241 Skills
Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.
Check compliance with OWASP Top 10 security risks and best practices. Use when performing comprehensive security audits. Trigger with 'check OWASP compliance', 'audit web security', or 'validate OWASP'.
ISO 27001 expert. Use for ISMS, security controls and compliance implementation.
Use this skill for proactive backend health audits in an InsForge project — security misconfigurations, performance regressions, and system health issues surfaced by `diagnose advisor`, plus the backend-side deep-dives that pair with each advisor issue. Also use this skill when a user reports backend-wide performance degradation (high CPU/memory, all responses slow, connection pool exhaustion, lock contention) without a single failing request. Trigger on requests like "health check", "audit my backend", "review security", "check RLS policies", "find slow queries", "backend performance review", "high CPU/memory", "everything is slow", "EC2/database/system health", or pre-launch readiness audits. For reactive runtime errors with a single concrete failing request (SDK error objects, HTTP 4xx/5xx, function failures, deploy failures), use `insforge-debug` instead.
Run Semgrep static analysis for fast security scanning and pattern matching. Use when asked to scan code with Semgrep, write custom YAML rules, find vulnerabilities quickly, use taint mode, or set up Semgrep in CI/CD pipelines.
Supabase security and performance guidelines with Clerk authentication integration. Contains 40+ rules across 10 categories covering RLS policies, Clerk setup, database security, and more.
OWASP security patterns, secrets management, security testing
Perform comprehensive code reviews with best practices, security checks, and constructive feedback. Use when reviewing pull requests, analyzing code quality, checking for security vulnerabilities, or providing code improvement suggestions.
Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.
Use when reviewing pull requests, conducting code quality audits, or identifying security vulnerabilities. Invoke for PR reviews, code quality checks, refactoring suggestions.
Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, performance testing, security testing.