Loading...
Loading...
Found 10 Skills
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
Identify storage buckets that are publicly accessible and may contain sensitive data.
CRITICAL - Detect if the Supabase service_role key is leaked in client-side code. This is a P0 severity issue.
Complete security remediation workflow. Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR. Supports both single-issue and batch mode for multiple vulnerabilities. Use this skill when: - User asks to fix security vulnerabilities - User mentions "snyk fix", "security fix", or "remediate vulnerabilities" - User wants to fix a specific CVE, Snyk ID, or vulnerability type (XSS, SQL injection, path traversal, etc.) - User wants to upgrade a vulnerable dependency - User asks to "fix all" vulnerabilities or "fix all high/critical" issues (batch mode)
Run Semgrep SAST scans on code. Supports 30+ languages with OWASP, security, and custom rulesets. Parses results and provides remediation guidance.
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover, prioritize, and track remediation of security vulnerabilities across infrastructure. Use when SOC teams need to establish recurring vulnerability assessment processes, integrate scan results with SIEM alerting, and build remediation tracking dashboards.
Check compliance with OWASP Top 10 security risks and best practices. Use when performing comprehensive security audits. Trigger with 'check OWASP compliance', 'audit web security', or 'validate OWASP'.
Security incident remediation playbooks for removing threats, restoring systems, and recovering from incidents. Use for post-containment cleanup, system recovery, and returning to normal operations.
Generate security fixes from detect-dev findings with regression tests. Use when remediating security vulnerabilities.
Precision project estimator that turns security audits and code assessments into professional proposals with scope, timeline, pricing, and deliverables. The Osprey accounts for what others overlook. Use when quoting remediation work, estimating project scope, or producing client-ready proposals.