>_
đź”’

Security

2492 skills in Testing & Security > Security

setting-up-gitignore

This skill should be used when users need to create or update a .gitignore file for their project. It provides comprehensive security-focused patterns and automatically detects the tech stack to include appropriate language-specific exclusions. Use when users ask to "set up gitignore", "create a secure gitignore", "add gitignore protection", or similar requests.

nickpending/momentum
7
0
Mis Ă  jour 5d ago

security-guardian

Expert en sécurité applicative pour détecter les vulnérabilités, auditer le code, et guider les bonnes pratiques de sécurité. OWASP Top 10, authentification, autorisation, cryptographie, gestion de secrets. Utiliser pour audits sécurité, reviews de code sensible, conception de features sécurisées, ou résolution de failles.

Bikach/skills-claude-code
7
0
Mis Ă  jour 5d ago

azure-basics

Azure cloud services, resource management, and Azure CLI patterns. Use when working with Azure resources, resource groups, ARM templates, az commands (az vm, az network, az storage, az aks), Azure naming conventions, RBAC policies, networking (VNet, NSG, Application Gateway), or implementing Azure best practices for resource organization, cost management, and security.

jonhill90/vibes
7
1
Mis Ă  jour 5d ago

repomix

Repository packaging for AI/LLM analysis. Capabilities: pack repos into single files, generate AI-friendly context, codebase snapshots, security audit prep, filter/exclude patterns, token counting, multiple output formats. Actions: pack, generate, export, analyze repositories for LLMs. Keywords: Repomix, repository packaging, LLM context, AI analysis, codebase snapshot, Claude context, ChatGPT context, Gemini context, code packaging, token count, file filtering, security audit, third-party library analysis, context window, single file output. Use when: packaging codebases for AI, generating LLM context, creating codebase snapshots, analyzing third-party libraries, preparing security audits, feeding repos to Claude/ChatGPT/Gemini.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

backend-development

Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust | NestJS, FastAPI, Django, Express | PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

tzurot-security

Security best practices for Tzurot v3 - Secret management, AI-specific security (prompt injection, PII scrubbing), Economic DoS prevention, Discord permission verification, microservices security, and supply chain integrity. Use when handling secrets, user input, or security-critical code.

lbds137/tzurot
7
1
Mis Ă  jour 5d ago

security-reviewer

Marketplace

Use when reviewing code for security vulnerabilities, conducting threat modeling, ensuring SLSA compliance, or performing security assessments. Invoked for security analysis, vulnerability detection, and compliance verification.

jpoley/flowspec
7
0
Mis Ă  jour 5d ago

better-auth

TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

infra-engineer

Comprehensive infrastructure engineering covering DevOps, cloud platforms, FinOps, and DevSecOps. Platforms: AWS (EC2, Lambda, S3, ECS, EKS, RDS, CloudFormation), Azure basics, Cloudflare (Workers, R2, D1, Pages), GCP (GKE, Cloud Run, Cloud Storage), Docker, Kubernetes. Capabilities: CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins), GitOps, infrastructure as code (Terraform, CloudFormation), container orchestration, cost optimization, security scanning, vulnerability management, secrets management, compliance (SOC2, HIPAA). Actions: deploy, configure, manage, scale, monitor, secure, optimize cloud infrastructure. Keywords: AWS, EC2, Lambda, S3, ECS, EKS, RDS, CloudFormation, Azure, Kubernetes, k8s, Docker, Terraform, CI/CD, GitHub Actions, GitLab CI, Jenkins, ArgoCD, Flux, cost optimization, FinOps, reserved instances, spot instances, security scanning, SAST, DAST, vulnerability management, secrets management, Vault, compliance, monitoring, observability. Use when: deploying to AWS/Azure/GCP/Cloudflare, setting up CI/CD pipelines, implementing GitOps workflows, managing Kubernetes clusters, optimizing cloud costs, implementing security best practices, managing infrastructure as code, container orchestration, compliance requirements, cost analysis and optimization.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

research

Technical research methodology with YAGNI/KISS/DRY principles. Phases: scope definition, information gathering, analysis, synthesis, recommendation. Capabilities: technology evaluation, architecture analysis, best practices research, trade-off assessment, solution design. Actions: research, analyze, evaluate, compare, recommend technical solutions. Keywords: research, technology evaluation, best practices, architecture analysis, trade-offs, scalability, security, maintainability, YAGNI, KISS, DRY, technical analysis, solution design, competitive analysis, feasibility study. Use when: researching technologies, evaluating architectures, analyzing best practices, comparing solutions, assessing technical trade-offs, planning scalable/secure systems.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

shopify

Shopify platform development. Stack: Shopify CLI, GraphQL/REST APIs, Polaris UI, Liquid templating. Capabilities: app development (OAuth), checkout UI extensions, admin UI extensions, POS extensions, theme development, webhooks, billing API, product/order/customer management. Actions: build, extend, customize, integrate Shopify apps/themes. Keywords: Shopify, Shopify CLI, GraphQL Admin API, REST API, Polaris, Liquid, checkout extension, admin extension, POS extension, theme, webhook, billing API, OAuth, app bridge, metafields, product, order, customer, storefront, hydrogen, oxygen. Use when: building Shopify apps, customizing checkout, creating admin interfaces, developing themes, integrating payments, managing store data via APIs, extending Shopify functionality.

samhvw8/dotfiles
7
2
Mis Ă  jour 5d ago

CORE

Marketplace

PAI (Personal AI Infrastructure) - Your AI system core. AUTO-LOADS at session start. USE WHEN any session begins OR user asks about PAI identity, response format, stack preferences, security protocols, or delegation patterns.

jeffh/claude-plugins
6
0
Mis Ă  jour 5d ago

moai-security

Marketplace

Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining, and compliance. Use when implementing Auth0 security features, configuring attack defenses, setting up MFA, or meeting regulatory requirements.

modu-ai/claude-plugins
6
1
Mis Ă  jour 5d ago

vscode-webview-expert

This skill provides expert-level guidance for implementing VS Code WebView features. Use when creating WebView panels, implementing secure CSP policies, handling Extension-WebView communication, managing WebView state persistence, optimizing WebView performance, or debugging WebView rendering issues. Covers security best practices, message protocols, and VS Code-specific WebView patterns.

s-hiraoku/vscode-sidebar-terminal
6
4
Mis Ă  jour 5d ago

git-security-checks

Marketplace

Pre-commit security validation and secret detection. Runs detect-secrets scanand audit workflow, validates secrets baseline, and integrates with pre-commithooks to prevent credential leaks.Use when user mentions scanning for secrets, detect-secrets, secret detection,credential scanning, pre-commit security, or .secrets.baseline.

laurigates/dotfiles
6
0
Mis Ă  jour 5d ago

jira-integration

Agent Skill: Comprehensive Jira integration through lightweight Python scripts. AUTOMATICALLY TRIGGER when user mentions Jira URLs like 'https://jira.*/browse/*', 'https://*.atlassian.net/browse/*', or issue keys like 'PROJ-123'. Use when searching issues (JQL), getting/updating issue details, creating issues, transitioning status, adding comments, logging worklogs, managing sprints and boards, creating issue links, or formatting Jira wiki markup. If authentication fails, offer to configure credentials interactively. Supports both Jira Cloud and Server/Data Center with automatic authentication detection. By Netresearch.

netresearch/jira-skill•Python
6
2
Mis Ă  jour 5d ago

Backend Queries

Write secure, performant database queries using parameterized statements, proper indexing, and query optimization techniques. Use this skill when writing SQL queries, ORM query methods, or database access code. When implementing data fetching logic that retrieves or updates database records. When optimizing queries to prevent N+1 problems through eager loading or joins. When using WHERE clauses, JOIN operations, or ORDER BY statements. When implementing transactions for related database operations. When working with query builder methods, raw SQL, or ORM query interfaces. When setting query timeouts or implementing query result caching.

coreyja/coreyja.com
6
1
Mis Ă  jour 5d ago

npm-publish

This skill should be used when the user wants to publish a package to npm, bump a version, release a new version, or mentions "npm publish", "bun publish", "version bump", or "release". Handles changelog updates, git push, and npm publishing with OTP authentication.

b-open-io/prompts
6
2
Mis Ă  jour 5d ago

check-secrets

Scan the codebase for potential secret leaks including API keys, tokens, passwords, hardcoded project IDs, and sensitive identifiers. Use when the user says "check for secrets", "scan for leaks", "security check", or before committing sensitive changes.

nozomi-koborinai/koborin-ai
6
0
Mis Ă  jour 5d ago

Global Validation

Implement secure, comprehensive input validation on both client and server sides using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when handling user input from forms, API requests, or any external data source. When implementing form validation logic with field-specific error messages. When validating data types, formats, ranges, and required fields. When sanitizing input to prevent SQL injection, XSS, or command injection. When validating business rules like sufficient balance or valid date ranges. When implementing both client-side validation for user experience and mandatory server-side validation for security.

coreyja/coreyja.com
6
1
Mis Ă  jour 5d ago