Penetration Testing

Run comprehensive security vulnerability scans when reviewing code. Automatically uses basic mode (fast, high/medium severity only) for first reviews, advanced mode (comprehensive, all severities) for iterations. Detects SQL injection, XSS, hardcoded secrets, insecure dependencies. Use before approving any code changes or pull requests.

CI/CDパイプラインに統合するセキュリティスキャンの設計と実装を支援するスキル。依存関係の脆弱性検出、コンテナイメージスキャン、SBOM生成、シークレット検出を対象とする。Anchors:• OWASP Dependency-Check / 適用: 脆弱性検出とリスク評価 / 目的: 既知の脆弱性の特定• CIS Docker Benchmark / 適用: コンテナセキュリティ / 目的: コンテナイメージの安全性確保• NIST SBOM Guidelines / 適用: ソフトウェア部品表 / 目的: サプライチェーンの透明性Trigger:Use when setting up security scanning in CI/CD, detecting vulnerabilities in dependencies, scanning container images, generating SBOM, or detecting secrets in code.security scan, vulnerability, trivy, dependabot, npm audit, container scan, SBOM, secret detection

This skill enables Claude to perform automated fuzz testing on APIs to discover vulnerabilities, crashes, and unexpected behavior. It leverages malformed inputs, boundary values, and random payloads to generate comprehensive fuzz test suites. Use this skill when you need to identify potential SQL injection, XSS, command injection vulnerabilities, input validation failures, and edge cases in APIs. Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis of an API. The skill is invoked using the `/fuzz-api` command.

ユーザー入力のサニタイズとセキュリティ対策を専門とするスキル。XSS、SQLインジェクション、コマンドインジェクションなどの攻撃を防止。Anchors:• OWASP Top 10 / 適用: インジェクション対策 / 目的: 主要脆弱性の予防• Web Application Hacker's Handbook / 適用: 入力検証 / 目的: 攻撃ベクトル理解Trigger:Use when handling user input, building database queries, processing file uploads, or generating dynamic HTML content.XSS, SQL injection, command injection, sanitization, validation, escape

Generate Angular components, services, modules, and directives. Implement dependency injection, lifecycle hooks, data binding, and build production-ready Angular architectures.

Scans project dependencies for known vulnerabilities, outdated packages, and license compliance issues. Trigger keywords: dependency, vulnerability, CVE, npm audit, outdated, license, supply chain, SBOM.

Implements content safety filters with PII redaction, policy constraints, prompt injection detection, and safe refusal templates. Use when adding "content moderation", "safety filters", "PII protection", or "guardrails".

This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".

Comprehensive knowledge about vulnerability exploitation and initial access. Provides expertise on finding and adapting exploits, adapting proof-of-concepts, gaining shells, and capturing user flags. Covers reverse shells, file uploads, SQL injection, and RCE vulnerabilities.

This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.

Comprehensive knowledge about network reconnaissance and service enumeration. Provides methodologies for port scanning, service fingerprinting, web directory discovery, and vulnerability identification. Includes best practices for structured data collection.

This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis.

静的解析によるセキュリティ脆弱性検出を整理し、SAST運用と検出ルールの設計を支援するスキル。SQLインジェクション、XSS、コマンドインジェクションなどの検出と改善方針を扱う。Anchors:• Web Application Security (Andrew Hoffman) / 適用: 脅威分析と検出観点 / 目的: 脆弱性検出の精度向上• OWASP ASVS / 適用: 検出基準の整理 / 目的: セキュリティ要件の明文化• Secure by Design (OWASP) / 適用: 改善方針 / 目的: 安全な設計判断Trigger:Use when running SAST, defining detection rules, auditing injection vulnerabilities, or documenting static analysis findings.static analysis, SAST, SQL injection, XSS, command injection, security review

This skill enables Claude to automatically scan for XSS (Cross-Site Scripting) vulnerabilities in code. It is triggered when the user requests to "scan for XSS vulnerabilities", "check for XSS", or uses the command "/xss". The skill identifies reflected, stored, and DOM-based XSS vulnerabilities. It analyzes HTML, JavaScript, CSS, and URL contexts to detect potential exploits and suggests safe proof-of-concept payloads. This skill is best used during code review, security audits, and before deploying web applications to production.

This skill enables Claude to perform automated fuzz testing on APIs to discover vulnerabilities, crashes, and unexpected behavior. It leverages malformed inputs, boundary values, and random payloads to generate comprehensive fuzz test suites. Use this skill when you need to identify potential SQL injection, XSS, command injection vulnerabilities, input validation failures, and edge cases in APIs. Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis of an API. The skill is invoked using the `/fuzz-api` command.

This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".

Master NestJS framework with modules, controllers, services, dependency injection, guards, interceptors, and microservices patterns for enterprise applications.

Application security testing coordinator for common vulnerability patterns including XSS, injection flaws, and client-side security issues. Orchestrates specialized testing agents to identify and validate common application security weaknesses.

Generates FastAPI endpoints with proper Pydantic models, dependency injection, async handlers, and OpenAPI documentation. Use when building Python REST APIs.

This skill should be used for Java/Spring patterns, dependency injection, streams, Optional, Kotlin, Spring Boot, Maven, Gradle, JVM backend