Loading...
Loading...
Found 58 Skills
OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy.
OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption.
Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
Write secure-by-default Node.js and TypeScript applications following security best practices. Use when: (1) Writing new Node.js/TypeScript code, (2) Creating API endpoints or middleware, (3) Handling user input or form data, (4) Implementing authentication or authorization, (5) Working with secrets or environment variables, (6) Setting up project configurations (tsconfig, eslint), (7) User mentions security concerns, (8) Reviewing code for vulnerabilities, (9) Working with file paths or child processes, (10) Setting up HTTP headers or CORS.
Audit de sécurité couvrant l'authentification, l'injection SQL, l'exposition de secrets, le CSRF et les vulnérabilités du Top 10 OWASP.
Static security analysis for code, auditing for OWASP Top 10 risks. Triggers: "security audit", "is this secure", "check for vulnerabilities". Capabilities: - Static analysis of code snippets. - Mapping findings to OWASP Top 10 (2021). - Providing remediation code patterns.
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.
GitHub PR の CI ステータス (`gh pr checks`)・コード品質・セキュリティ (OWASP Top 10)・Conventional Commits 準拠をレビューする。`gh pr review --approve/--request-changes/--comment` でレビュー投稿も可能。「PR #N をレビュー」「PR レビューして」などで使用。ローカル diff のレビューには implement-review を使用。
Perform read-only reviews of code changes (`git diff`) for quality, architecture compliance, and security (OWASP Top 10) by delegating to Agent tools. Use for self-reviews before committing/creating PRs, or when requesting "review changes" or "code review". Use implement-review-pr for GitHub PR reviews.
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.