>_
🔒

Security

2492 skills in Testing & Security > Security

doppler-secret-validation

Marketplace

Validate and test secrets stored in Doppler. Add API tokens/credentials to Doppler, verify storage and retrieval, test authentication with target services. Use when user mentions "add to Doppler", "store secret", "validate token", or provides API tokens needing secure storage.

terrylica/cc-skills
4
0
Actualizado 4d ago

claude-hook-authoring

Marketplace

Creates event hooks for Claude Code automation with proper configuration, matchers, input/output handling, and security best practices. Covers all 9 hook types (PreToolUse, PostToolUse, UserPromptSubmit, Notification, Stop, SubagentStop, PreCompact, SessionStart, SessionEnd). Use when building automation, creating hooks, setting up event handlers, or when users mention hooks, automation, event handlers, or tool interception.

outfitter-dev/agents
4
0
Actualizado 4d ago

api-spectral

Marketplace

API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.

AgentSecOps/SecOpsAgentKit
4
0
Actualizado 4d ago

sca-blackduck

Marketplace

Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.

AgentSecOps/SecOpsAgentKit
4
0
Actualizado 4d ago

using-web-backend

Marketplace

Use when building web APIs, backend services, or encountering FastAPI/Django/Express/GraphQL questions, microservices architecture, authentication, or message queues - routes to 11 specialist skills rather than giving surface-level generic advice

tachyon-beep/skillpacks
4
1
Actualizado 4d ago

security-engineering

Marketplace

Security auditing and vulnerability detection using OWASP patterns, CWE analysis, and threat modeling. Use when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, reviewing dependency security, or when security-audit, vulnerability-scan, OWASP, threat-model, or --security are mentioned.

outfitter-dev/agents
4
0
Actualizado 4d ago

phoenix-ecto

Critical Ecto and Phoenix guidelines that prevent common bugs and security issues. Use when writing Elixir code that involves Ecto schemas, changesets, queries, associations, or seeds.exs files. Prevents subtle mistakes with field access, validation options, and mass assignment vulnerabilities.

forest/dotfiles
4
0
Actualizado 4d ago

k8s-security-policies

Marketplace

本番グレードのセキュリティのためのNetworkPolicy、PodSecurityPolicy、RBACを含むKubernetesセキュリティポリシーの実装。Kubernetesクラスタのセキュリティ確保、ネットワーク分離の実装、Podセキュリティ標準の強制に使用します。

amurata/cc-tools
3
1
Actualizado 4d ago

saas-compliance-frameworks

Marketplace

Security and compliance requirements for SaaS applications. Covers SOC 2, GDPR, HIPAA, and common compliance patterns with implementation guidance.

melodic-software/claude-code-plugins
3
0
Actualizado 4d ago

javascript

Write modern JavaScript/ES6+ code following best practices for performance, security, and maintainability. Use when writing JS code, fixing bugs, or implementing frontend functionality.

vapvarun/claude-backup
3
0
Actualizado 4d ago

gemini-sandbox-configuration

Marketplace

Central authority for Gemini CLI sandboxing and isolation. Covers Docker, Podman, macOS Seatbelt profiles, and security boundaries. Use when enabling sandboxing, choosing sandbox methods, configuring Seatbelt profiles, or troubleshooting sandbox issues. Delegates 100% to gemini-cli-docs for official documentation.

melodic-software/claude-code-plugins
3
0
Actualizado 4d ago

sandbox-configuration

Marketplace

Central authority for Claude Code sandboxing and isolation. Covers sandboxed bash tool, /sandbox command, filesystem isolation (blocked access, custom paths), network isolation (domain restrictions, proxy support), OS-level enforcement (bubblewrap on Linux, Seatbelt on macOS), sandbox configuration options, escape hatches (dangerouslyDisableSandbox, allowUnsandboxedCommands), and sandbox security limitations. Assists with configuring sandbox settings, understanding isolation mechanisms, and troubleshooting sandbox issues. Delegates 100% to docs-management skill for official documentation.

melodic-software/claude-code-plugins
3
0
Actualizado 4d ago

hooks-builder

Marketplace

Create event-driven hooks for Claude Code automation. Use when the user wants to create hooks, automate tool validation, add pre/post processing, enforce security policies, or configure settings.json hooks. Triggers: create hook, build hook, PreToolUse, PostToolUse, event automation, tool validation, security hook

mike-coulbourn/claude-vibes
3
0
Actualizado 4d ago

auth-implementation-patterns

Marketplace

JWT、OAuth2、セッション管理、RBACを含む認証・認可パターンをマスターし、安全でスケーラブルなアクセス制御システムを構築。認証システムの実装、APIの保護、セキュリティ問題のデバッグ時に使用。

amurata/cc-tools
3
1
Actualizado 4d ago

security-scanner

Comprehensive security scanning for SAST, secrets, OWASP vulnerabilities, container and IaC security

benreceveur/claude-workflow-engine
3
1
Actualizado 4d ago

appsec-expert

Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation. Expert in security testing, cryptography, authentication patterns, and DevSecOps automation. Use when securing applications, implementing security controls, or conducting security assessments.

martinholovsky/claude-skills-generator
3
0
Actualizado 4d ago

linux-at-spi2

Expert in AT-SPI2 (Assistive Technology Service Provider Interface) for Linux desktop automation. Specializes in accessible automation of GTK/Qt applications via D-Bus accessibility interface. HIGH-RISK skill requiring security controls for system-wide access.

martinholovsky/claude-skills-generator
3
0
Actualizado 4d ago

solidity-security

Marketplace

一般的な脆弱性を防ぎ、セキュアなSolidityパターンを実装するためのスマートコントラクトセキュリティのベストプラクティスをマスターします。スマートコントラクトを書く時、既存コントラクトを監査する時、またはブロックチェーンアプリケーションのセキュリティ対策を実装する時に使用してください。

amurata/cc-tools
3
1
Actualizado 4d ago

code-review

Perform thorough code reviews focusing on security, performance, best practices, and maintainability. Use when reviewing PRs, checking code quality, or auditing existing code.

vapvarun/claude-backup
3
0
Actualizado 4d ago

ruff

This skill should be used when users need to lint, format, or validate Python code using the Ruff command-line tool. Use this skill for tasks involving Python code quality checks, automatic code formatting, enforcing style rules (PEP 8), identifying bugs and security issues, or modernizing Python code. This skill should be invoked PROACTIVELY whenever Python code is written or modified to ensure code quality.

PovertyAction/ipa-stata-template
3
2
Actualizado 4d ago