Loading...
Loading...
Found 1,609 Skills
Use this skill when securing cloud infrastructure, configuring IAM policies, managing secrets, implementing network policies, or achieving compliance. Triggers on cloud IAM, secrets management, network security groups, VPC security, cloud compliance, SOC 2, HIPAA, zero trust, and any task requiring cloud security architecture or hardening.
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
Multi-tenant architecture patterns. Database-per-tenant, schema-per-tenant, shared-schema with tenant ID, row-level security, tenant resolution, and data isolation. USE WHEN: user mentions "multi-tenant", "multitenancy", "SaaS architecture", "tenant isolation", "row-level security", "tenant ID", "subdomain routing" DO NOT USE FOR: general database design - use database skills; authentication - use auth skills
Use this skill when you need security analysis of Solidity smart contract code. User cases: auditing Solidity contracts, identifying re-entrancy bugs, detecting access control issues, reviewing unsafe external calls, evaluating code before deployment, gate-checking contracts in transaction pipelines, or performing security assessments.
Technical SEO audit with GEO-specific checks — crawlability, indexability, security, performance, SSR, and AI crawler access
Configures, manages, and debugs the Fastly CDN platform — covering service and backend setup, caching and VCL, security features like DDoS/WAF/NGWAF/rate limiting/bot management, TLS certificates and cache purging, the Compute platform, and the REST API. Use when working with Fastly services or domains, setting up edge caching or origin shielding, configuring security features, making Fastly API calls, enabling products, or looking up Fastly documentation. Also applies when troubleshooting 503 errors or SSL/TLS certificate mismatches on Fastly, and for configuring logging endpoints, load balancing, ACLs, or edge dictionaries.
Explicit anti-rationalization enforcement for maximum-rigor task execution. Loads all anti-rationalization patterns, gate enforcement, and pressure resistance as a composable modifier on any task. Use when executing critical production changes, security-sensitive code, complex multi-file refactors, or any task where shortcuts could cause harm. Use for "with rigor", "carefully", "maximum verification", or "no shortcuts". Do NOT use for trivial lookups, documentation-only edits, or simple typo fixes where full gate enforcement would be disproportionate overhead.
4-phase code review methodology: UNDERSTAND changes, VERIFY claims against code, ASSESS security/performance/architecture risks, DOCUMENT findings with severity classification. Use when reviewing pull requests, auditing code before release, evaluating external contributions, or pre-merge verification. Use for "review PR", "code review", "audit code", "check this PR", or "review my changes". Do NOT use for writing new code or implementing features.
ML supply chain security scanner. Scans model files, scores risk (0-100), maps to 5 global compliance frameworks (ISM-2072, EU AI Act, OWASP LLM, MITRE ATLAS, NIST AI RMF), and provides remediation steps. Zero-config, auto-installs scanners. Use when the user asks to scan a model, check if a model is safe, audit ML security posture, check compliance, inspect pickle/safetensors/pytorch files, or mentions model supply chain security. Also trigger on ISM-2072, EU AI Act, OWASP LLM06, model risk score, "is this model safe", "scan my models", "check compliance".
Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/auth/reverse proxies/Tailscale Serve or Funnel, check DM/group access (pairing, allowlists, mention gating, `session.dmScope`), minimise tool permissions and sandboxing, review plugins/skills/secrets/transcripts/log retention, or lock down Docker/macOS/laptop/EC2 installs. Not for generic OS, Docker, or cloud hardening unrelated to OpenClaw.
Agent skill for security-manager - invoke with $agent-security-manager
Review the code quality of a spec-driven change. Checks readability, security, performance, and best practices before archiving.