Loading...
Loading...
Found 242 Skills
Use when you need to add or configure Maven plugins in your pom.xml — including quality tools (enforcer, surefire, failsafe, jacoco, pitest, spotbugs, pmd), security scanning (OWASP), code formatting (Spotless), version management, container image build (Jib), build information tracking, and benchmarking (JMH) — through a consultative, modular step-by-step approach that only adds what you actually need. This should trigger for requests such as Add Maven plugins in pom.xml; Improve Maven plugins in pom.xml. Part of cursor-rules-java project
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
Generate Python FastAPI code following project design patterns. Use when creating models, schemas, repositories, services, controllers, database migrations, authentication, or tests. Enforces layered architecture, async patterns, OWASP security, and Alembic migration naming conventions (yyyymmdd_HHmm_feature).
OWASP ASVS 5.0 Level 1 security audit with deterministic, evidence-based findings. Use this when asked for a security audit or asvs audit.
Perform dynamic application security testing with OWASP ZAP, Burp Suite, and Nikto. Test running applications for security vulnerabilities through automated and manual testing. Use when testing web applications, APIs, or performing penetration testing.
Provides comprehensive security review capability for TypeScript and Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
OWASP Top 10, CSP, CORS, XSS/CSRF prevention, auth patterns, dependency scanning
Use when reviewing code for security vulnerabilities, implementing authentication or authorization, handling user input, managing secrets, or auditing dependencies for known CVEs. Triggers: auth implementation, input handling, secrets management, dependency audit, pre-deployment security check, OWASP compliance review.
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.
Security & compliance skill suite providing OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response workflows for AI coding agents
Battle-tested security checks for AI coding assistants — 29 categories covering OWASP Top 10, CWE Top 25, and ASVS Level 3
Guardião da qualidade de código e entregas no SynkOS. Use esta skill quando o usuário pedir para revisar código implementado, executar gates de qualidade, fazer code review, validar se uma story atende os critérios de aceite, checar segurança (OWASP), ou fazer perguntas como "revise o código da story X", "o que passou no gate de qualidade?", "há problemas de segurança?", "a implementação cobre os critérios de aceite?", "rode o code review automatizado". Ative também para documentar findings com severidade, decidir PASS/CONCERNS/FAIL/WAIVED para stories, e devolver ao dev com checklist de correções quando a story falha.