Loading...
Loading...
Found 2,245 Skills
Automated test generation, review, and execution for pytest-based projects. Auto-activates on keywords test, coverage, pytest, unittest, integration test, e2e, performance, benchmark, security testing. Routes to specialized testing workflows based on user intent.
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
Run parallel quality reviews (React, SOLID, Security, Simplification, Slop) on branch changes and auto-fix issues
Use when user asks to "deep review the code", "thorough code review", "multi-pass review", or when orchestrating the Phase 9 review loop. Provides review pass definitions (code quality, security, performance, test coverage), signal detection patterns, and iteration algorithms.
Search and retrieve pentesting, red teaming, and security research information from the HackTricks wiki (book.hacktricks.wiki). Use for payloads, methodologies, bypasses, and edge-case behaviors across web, network, cloud, and application security topics.
In-depth code review for large PRs (>500 lines). Full analysis including architecture, performance, security, and maintainability.
Fix, configure, tune, or troubleshoot OpenClaw. Use for config changes, security fixes, performance tuning, doctor --fix, or when openclaw-doctor flags issues that need remediation.
Provides comprehensive guidance for AWS EC2 including instance creation, configuration, security groups, and EC2 management. Use when the user asks about AWS EC2, needs to create EC2 instances, configure EC2, or manage AWS compute resources.
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase.
Scan code or configuration for common security issues. Use when a mid-level developer needs a quick security pass.
Incident response procedures for Clerk authentication issues. Use when handling auth outages, security incidents, or production authentication problems. Trigger with phrases like "clerk incident", "clerk outage", "clerk down", "auth not working", "clerk emergency".
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.