Found 203 Skills
Use when reviewing code, pull requests, or diffs. Provides patterns, checklists, and templates for systematic code review with a focus on correctness, security, readability, performance, and maintainability.
Identifies and fixes XSS, SQL injection, and command injection vulnerabilities with validation schemas, sanitization libraries, and safe coding patterns. Use for "input validation", "XSS prevention", "SQL injection", or "sanitization".
Ensures tenant isolation at query and policy level using Row Level Security, automated testing, and security audits. Prevents data leakage between tenants. Use for "multi-tenancy", "tenant isolation", "RLS", or "data security".
Coordinates dependency upgrades across all detected package managers.
Use when working with comprehensive review full review
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns
Perform general code reviews for PRs and code changes. Evaluate code quality, security, and design based on common standards to make approve/reject decisions. Use this for requests like "Review this PR", "Do a code review", "Pre-merge check", or when executing the gh pr view command.
Comprehensive audit logging for compliance and security. Track user actions, data changes, and system events with tamper-proof storage.
Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability.
Extract and decode Supabase-related JWTs from client-side code, cookies, and local storage patterns.
Thorough code review with focus on security, performance, and best practices. Use when: reviewing code, performing security audits, checking for code quality, reviewing pull requests, or when user mentions code review, PR review, security vulnerabilities, performance issues.
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration.