Loading...
Loading...
Found 1,595 Skills
Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. USE FOR: "what role should I assign", "least privilege role", "RBAC role for", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity". DO NOT USE FOR: creating managed identities (use azure-security), general security hardening (use azure-security-hardening), networking permissions (use azure-networking).
Adversarial security audit playbook for Plutus V3 Aiken DEX contracts (threat model, invariants, findings, tests, tx repro shapes).
Review Bun runtime security audit patterns. Use for auditing Bun-specific vulnerabilities including shell injection, SQL injection, server security, and process spawning. Use proactively when reviewing Bun apps (bun.lockb, bunfig.toml, or bun:* imports present). Examples: - user: "Review this Bun shell script" → audit `$` usage and argument injection - user: "Check my bun:sqlite queries" → verify `sql` tagged template usage - user: "Audit my Bun.serve() setup" → check path traversal and request limits - user: "Is my Bun.spawn() usage safe?" → audit command injection and input validation - user: "Review WebSocket security in Bun" → check authentication before upgrade
Automatically discover container skills when working with Docker, Dockerfile optimization, docker-compose, container networking, container security, container registries, or Kubernetes. Activates for containerization and orchestration tasks.
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples: - user: "Audit FastAPI route security" → check for Depends() and Security() usage - user: "Check FastAPI CORS setup" → verify origins when allow_credentials=True - user: "Review FastAPI middleware" → check TrustedHost and HTTPSRedirect config - user: "Secure FastAPI API keys" → move from query params to header schemes - user: "Scan for FastAPI footguns" → check starlette integration and dependency order
Security auditing and vulnerability assessment specialist. Use when conducting security reviews, analyzing code for vulnerabilities, performing OWASP assessments, or creating security audit reports.
Expert coding guide for OpenHarmony C++ development. Use this skill when writing, refactoring, or reviewing C++ code for OpenHarmony projects. It enforces strict project-specific conventions (naming, formatting, headers) and critical security requirements (input validation, memory safety).
Validate and implement HTTP security headers to protect web applications.
A dedicated skill for security code review of OpenHarmony distributed systems. Triggered when users make requests such as "review code security implementation", "code security audit", "security code review" or similar distributed system code security review requests. This skill provides detailed review guidance for 18 security design rules for OpenHarmony distributed services, covering security areas such as authorization control, state machines, data transmission, permission management, and trusted relationships. Using this skill, you can conduct specialized security reviews for OpenHarmony distributed systems based on general cybersecurity rules.
Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.
Analyze Flutter and mobile applications for OWASP Mobile Top 10 (2024) security compliance. Use this skill when performing security audits, vulnerability assessments, or compliance checks on mobile applications. Performs automated scans for hardcoded secrets, insecure storage, weak cryptography, network security issues, and provides detailed remediation guidance.