Loading...
Loading...
Found 2,967 Skills
This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.
Investigate traffic anomalies, spikes, and service degradation on Cloudflare-protected domains. Uses Cloudflare MCP tools for GraphQL analytics, JA4 fingerprint analysis, bot/WAF security scoring, and incident reporting. Use this skill whenever traffic spikes, service overloads, 429 errors, circuit breaker events, Cloudflare analytics, or domain performance issues are mentioned — even if the user doesn't explicitly say "traffic spike". Also triggers when asked to check Cloudflare data for any domain.
Generates secure Aptos Move V2 smart contracts with Object model, Digital Asset integration, security patterns, and storage type guidance. Includes comprehensive storage decision framework for optimal data structure selection. Triggers on: 'write contract', 'create NFT collection', 'build marketplace', 'implement minting', 'generate Move module', 'create token contract', 'build DAO', 'implement staking'. Ask storage questions when: 'store', 'track', 'registry', 'mapping', 'list', 'collection'.
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
Develop secure smart contracts using OpenZeppelin Contracts libraries. Use when users need to integrate OpenZeppelin library components — including token standards (ERC20, ERC721, ERC1155), access control (Ownable, AccessControl, AccessManager), security primitives (Pausable, ReentrancyGuard), governance (Governor, timelocks), or accounts (multisig, account abstraction) — into existing or new contracts. Covers pattern discovery from library source, MCP generators, and library-first integration. Supports Solidity, Cairo, Stylus, and Stellar.
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
Analyzes system and application logs to detect anomalies and security threats in blue-team operations.
Review code changes in Tenzir projects. Use when auditing diffs or pull requests for bugs, security issues, missing tests, documentation drift, readability problems, performance regressions, user experience issues, or when deciding how to respond to GitHub review comments. Also use this skill whenever the user says "review", "look at this PR", "check my changes", "audit this diff", "what do you think of this code", or asks for feedback on any code they've written or changed — even if they don't explicitly say "code review."
OpenHarmony Distributed Soft Bus Code Security Review Expert - Comprehensive inspection of C/C++ code against secure coding standards and logging specifications. Covers over 40 security rules, including key areas such as pointer safety, memory management, lock management, and sensitive information protection. Provides cross-file call analysis and control flow analysis, generating detailed code review reports. Only triggered when user input contains "软总线安全卫士" (Soft Bus Security Guard). ⚠️ Important: This skill is a read-only review tool and does not modify source files.
This skill should be used when the user asks to "audit Python dependencies for vulnerabilities", "scan requirements.txt for CVEs", "set up pip-audit", "fix vulnerable Python packages", or needs guidance on Python dependency security scanning with pip-audit.
Use when building any system where email content triggers actions — AI agent inboxes, automated support handlers, email-to-task pipelines, or any workflow processing untrusted inbound email. Always use this skill when the user wants to receive emails and act on them programmatically, even if they don't mention "agent" — the skill contains critical security patterns (sender allowlists, content filtering, sandboxed processing) that prevent untrusted email from controlling your system.
Use when setting up a new AI agent from scratch — asks 10 discovery questions, configures the correct files for the target system, tests integrations, and implements security guardrails