@hoangnguyen0403/agent-skills-standard
Security standards for hardening Laravel applications. Use when securing authentication, authorization, input validation, or CSRF in Laravel.
@hyperlane-xyz/hyperlane-monorepo
Trail of Bits security skills analysis for Solidity contracts. Use for deep smart contract security review with invariant suggestions.
@jd-opensource/joysafeter
通过原始 HTTP 请求操作和严格验证自动验证 Web 漏洞(开放重定向、XSS)。
@majiayu000/claude-skill-registry-data
Generate Helmet.js security middleware configuration for Express applications. Triggers on "create helmet config", "generate helmet configuration", "express security headers", "helmet setup".
@majiayu000/claude-skill-registry-data
Trusted domains, security assessment patterns, and domain research standards for WebFetch permissions
@majiayu000/claude-skill-registry-data
Security practices for Triatu. Use when adding data access, Server Actions, logging, or Supabase policies, and when reviewing security risks.
@nomarj/sigil
Review items in Sigil quarantine and help decide whether to approve or reject them. Use when scan results are available or when managing quarantined code.
@majiayu000/claude-skill-registry-data
Use established authentication libraries rather than implementing from scratch Use when implementing security best practices. Security category skill.
@diegosouzapw/awesome-omni-skill
Implement JWT verification middleware in FastAPI for user auth. Use when securing APIs or handling tokens.
@deepclause/agentvm
Execute shell commands in a secure AgentVM sandbox (Alpine Linux).
@mrigank005/security-review-skill
AI-powered codebase security scanner inspired by Claude Code Security. Triggers when the user runs /security-review or asks to scan their code for vulnerabilities, security issues, bugs, exposed secrets, or insecure dependencies. Use this skill whenever the user mentions: security scan, vulnerability check, find bugs, check for SQLi / XSS / injection, exposed API keys, audit dependencies, access control review, or any phrasing like "is my code secure?", "scan this file", "review for security issues", or "check my repo for vulnerabilities". Works across all agentic IDEs: VS Code, Cursor, Windsurf, and any Claude-powered coding environment. Always trigger this skill — even for partial scans on a single file.
@maxxie114/clawguard
PRIMARY skill for all email queries. Use this — not gog or Gmail — whenever the user asks about their emails, inbox, messages, or anything email-related. ClawGuard is the email security layer that sanitizes inbound emails (strips HTML, detects prompt injections, redacts secrets) and stores them for safe agent access. Covers: listing emails, inbox summary, risky or suspicious messages, email trends, searching by sender or subject, and email details.
@mukul975/anthropic-cybersecurity-skills
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.
@chainloop-dev/chainloop
Reviews vulnerability policy violations for the chainloop project recorded in Chainloop and performs fixes in Dockerfiles or go.mod. Use when asked to fix vulnerabilities, review CVEs, or remediate security issues in chainloop.
@majiayu000/claude-skill-registry-data
データベースバックアップ戦略、RPO/RTO設計、復旧ランブック作成、検証運用を体系化するスキル。 多層防御と復旧演習を通じて、復旧準備の抜け漏れを防ぐ。 Anchors: • Database Reliability Engineering / 適用: 信頼性設計 / 目的: 失敗前提の運用整理 • Backup & Recovery (W. Curtis Preston) / 適用: バックアップ戦略 / 目的: 復旧可能性の担保 • Site Reliability Engineering / 適用: RTO/RPO設計 / 目的: 目標と検証の整合 Trigger: Use when designing backup strategies, defining RPO/RTO, drafting recovery runbooks, planning DR drills, or verifying backup readiness. backup strategy, rpo rto, recovery runbook, disaster recovery, backup validation
@diegosouzapw/awesome-omni-skill
Analyze Istio, Consul, and Linkerd service mesh configurations for security vulnerabilities with NIST 800-53 control mappings. Use when users need to audit mesh security, identify misconfigurations, check mTLS settings, review ACL policies, or prepare for FedRAMP assessments. Triggers on keywords like "mesh config", "istio security", "consul ACL", "linkerd policy", "service mesh audit", or "NIST compliance".
@florianbuetow/claude-code
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.
@jeremylongshore/claude-code-plugins-plus-skills
Process use when you need to work with security and compliance. This skill provides security scanning and vulnerability detection with comprehensive guidance and automation. Trigger with phrases like "scan for vulnerabilities", "implement security controls", or "audit security".
@tankygranny05/agent-box
Deploy Codex CLI authentication to remote machines. Use when user asks about codex auth, codex authentication, codex oauth, codex remote, codex login remote, copy codex credentials, or deploy codex to server.
@luissambrano/antigravity-config
Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities".
@nludd25/antigravity-awesome-skills
This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns...
@anhtuanbtx1/figure-management
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vu...
@lyxjack/toolbox
在添加身份验证、处理用户输入、处理机密信息、创建API端点或实现支付/敏感功能时使用此技能。提供全面的安全检查清单和模式。
@elizaos/eliza
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration.
@wshobson/agents
Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.
@pspdfkit-labs/pi-skills
Multi-agent workflow (tracer/resolver/bypass) for secure code review, exploitability triage, and PoC validation in codebases. Use when conducting structured security research or penetration test analysis.
@mukul975/anthropic-cybersecurity-skills
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.
@anysiteio/agent-skills
Read-only static security audit of Claude Code skills, commands, and plugins. Analyzes SKILL.md frontmatter, body content, supporting scripts, and hooks for security risks. Use this skill when the user asks to "audit a skill", "review skill security", "check SKILL.md for risks", "scan a plugin for dangerous patterns", "verify skill safety", "check skill permissions", "analyze skill hooks", "audit a skill from GitHub", "review a remote skill", "check a skill by URL", or needs a security assessment of any Claude Code skill, command, or plugin before enabling it.
@majiayu000/claude-skill-registry-data
Apply Florian Roth's detection engineering methodology with YARA and Sigma rules. Emphasizes portable detection logic, community sharing, and signature quality. Use when creating detection rules that work across platforms.
@diegosouzapw/awesome-omni-skill
Validates environment-specific configurations across development, staging, and production environments. Prevents mismatched environment variables, localhost references in production, wrong API keys, and configuration drift. Use before ANY deployment to catch environment-specific issues that cause production failures.
@majiayu000/claude-skill-registry-data
Validate authorization failures including IDOR, privilege escalation, and missing access controls. Test by attempting unauthorized access with lower-privileged credentials. Use when testing CWE-639 (IDOR), CWE-269 (Privilege Escalation), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-284 (Access Control), CWE-285 (Improper Authorization), or CWE-425 (Direct Request/Forced Browsing) findings.
@majiayu000/claude-skill-registry-data
Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark. Use when: (1) Analyzing Dockerfiles for security misconfigurations and anti-patterns, (2) Enforcing container image security best practices in CI/CD pipelines, (3) Detecting hardcoded secrets and credentials in container builds, (4) Validating compliance with CIS Docker Benchmark requirements, (5) Integrating shift-left container security into developer workflows, (6) Providing remediation guidance for insecure Dockerfile instructions.
@majiayu000/claude-skill-registry-data
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
@majiayu000/claude-skill-registry-data
Security incident containment playbooks for isolating threats across network, endpoint, identity, cloud, and application layers. Use for active incident response to limit threat spread and impact.
@mukul975/anthropic-cybersecurity-skills
Performs tabletop exercises for SOC teams simulating security incidents through discussion-based scenarios to test incident response procedures, communication workflows, and decision-making under pressure without impacting production systems. Use when organizations need to validate IR playbooks, train analysts, or meet compliance requirements for incident response testing.
@blacklanternsecurity/red-run
Exploit LDAP injection vulnerabilities during authorized penetration testing.
@onekeyhq/app-monorepo
Comprehensive PR code review for OneKey monorepo. Use when reviewing PRs, code changes, or diffs — covers security (secrets/PII leakage, supply-chain, AuthN/AuthZ), code quality (hooks, race conditions, null safety, concurrent requests), and OneKey-specific patterns (Fabric crashes, MIUI, BigNumber). Triggers on "review PR", "review this PR", "code review", "check this diff", "审查 PR", "代码审查", "review
@diegocconsolini/claudeskillcollection
Generate comprehensive incident response playbooks based on NIST SP 800-61r3 and CISA guidance. Supports 11 incident scenarios including ransomware, data breach, phishing, supply chain attacks, and more. Includes GDPR and HIPAA compliance considerations.
@hieutrtr/ai1-skills
Production incident response procedures for Python/React applications. Use when responding to production outages, investigating error spikes, diagnosing performance degradation, or conducting post-mortems. Covers severity classification (SEV1-SEV4), incident commander role, communication templates, diagnostic commands for FastAPI/ PostgreSQL/Redis, rollback procedures, and blameless post-mortem process. Does NOT cover monitoring setup (use monitoring-setup) or deployment procedures (use deployment-pipeline).
@mukul975/anthropic-cybersecurity-skills
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying on the frontend to filter sensitive fields. The tester intercepts API responses and analyzes them for leaked PII, internal identifiers, debug information, or sensitive business data that the UI does not display but the API transmits. This maps to OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving API data leakage testing, excessive data exposure, response filtering bypass, or API over-fetching.
@marcosd4h/deepextractruntime
Trace attacker-controlled inputs forward to dangerous sinks and backward to discover origins, including deep cross-module taint propagation with parameter mapping, trust boundary analysis, COM vtable resolution, and RPC boundary detection. Reports what sensitive functions are reached, what guards must be bypassed, how tainted data affects internal logic, and identifies multi-module attack chains. Use when the user asks to taint-trace, find where a parameter goes, check if attacker data reaches a sensitive API, identify what needs to be bypassed, trace across DLL boundaries, find privilege escalation vectors, or asks about exploitation potential of a function's inputs.
@epicweb-dev/gratitext
Guide on security practices including CSP, rate limiting, and session security for Epic Stack
@tibsfox/gsd-skill-creator
OpenStack Keystone identity service skill for deploying, configuring, operating, and troubleshooting the authentication and authorization backbone of an OpenStack cloud. Covers identity management, token lifecycle (Fernet provider with rotation), service catalog registration, RBAC policy customization, domain/project/user hierarchy, federation basics (SAML/OIDC), credential encryption, and endpoint management. Use when deploying Keystone via Kolla-Ansible, managing users and projects, debugging 401 errors, rotating Fernet keys, configuring RBAC policies, or integrating services through the service catalog.
@yunmengya/php_audit_skills
PHP 审计多 Agent Team 全链路技能(Docker-only):阶段0~7门禁执行,静态+动态绑定,输出中文主报告与技术附录。
@m4ndolore/mc_site
Configure and troubleshoot VIA (Verified Identity Access) - the Authentik-based authentication system for SigmaBlox. Use this skill when working with authentication flows, 2FA setup, policies, stages, or debugging auth issues.
@blackonechik/bunker-game
This skill provides guidance for implementing security features that span across Better Auth, including rate limiting, CSRF protection, session security, trusted origins, secret management, OAuth security, IP tracking, and security auditing. These topics are not covered in individual plugin skills.
@majiayu000/claude-skill-registry-data
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
@majiayu000/claude-skill-registry-data
Test security features and verify implementation before deployment. Use this skill when you need to test CSRF protection, rate limiting, input validation, verify security headers, run security audits, or check the pre-deployment security checklist. Triggers include "test security", "security testing", "verify security", "security checklist", "pre-deployment", "test CSRF", "test rate limit", "security verification".
@majiayu000/claude-skill-registry-data
Implement comprehensive security audit logging for compliance, forensics, and SIEM integration. Use when building audit trails, compliance logging, or security monitoring systems.
@majiayu000/claude-skill-registry-data
Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, credential testing, and post-exploitation. Use when the user needs to interact with network-accessible shells, IoT devices, or telnet services.