SECURITY.
Security skills harden your development workflow — automated OWASP scans, dependency CVE detection, prompt injection resistance testing, secrets management, SAST integration, and compliance checklists for SOC 2, GDPR, and more.
50+ skills found
- 100/100
security-audit
diegosouzapw/awesome-omni-skills
Security Auditing Workflow Bundle workflow skill. Use this skill when the user needs Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
security-audit-v2
diegosouzapw/awesome-omni-skills
Security Auditing Workflow Bundle workflow skill. Use this skill when the user needs Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
memstack-security-dependency-audit
cwinvestments/memstack
Use this skill when the user says 'dependency audit', 'npm audit', 'pip audit', 'cargo audit', 'security vulnerabilities', 'outdated packages', 'supply chain', or needs to scan project dependencies for vulnerabilities, abandoned packages, and upgrade risks. Do NOT use for application-level security or secrets scanning.
- 100/100
security-audit
aAAaqwq/AGI-Super-Team
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
- 100/100
laravel-security-audit
diegosouzapw/awesome-omni-skills
Laravel Security Audit workflow skill. Use this skill when the user needs Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
laravel-security-audit-v2
diegosouzapw/awesome-omni-skills
Laravel Security Audit workflow skill. Use this skill when the user needs Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
memstack-security-api-audit
cwinvestments/memstack
Use this skill when the user says 'audit API', 'check API security', 'API routes security', 'endpoint audit', 'check my routes', or needs to verify API route protection. Reviews API endpoints for authentication, authorization, and input validation gaps. Do NOT use for frontend security headers or dependency scanning.
- 100/100
security-audit
TerminalSkills/skills
- 100/100
common-security-audit
HoangNguyen0403/agent-skills-standard
Probe for hardcoded secrets, injection surfaces, unguarded routes, business logic flaws, and platform-specific weaknesses across backend (Node, Go, Java, Python, Rust), frontend (React, Angular, Vue), and mobile (iOS, Android, Flutter) codebases. Use when performing security audits, vulnerability scans, secrets detection, or penetration testing.
- 90/100
memstack-security-owasp-top10
cwinvestments/memstack
Use this skill when the user says 'OWASP audit', 'OWASP top 10', 'security audit', 'vulnerability assessment', 'full security check', or needs a comprehensive web application security review against OWASP Top 10 categories. Do NOT use for dependency audits or secret scanning alone.
- 100/100
nemoclaw-maintainer-security-code-review
NVIDIA/skills
Performs a comprehensive security review of code changes in a GitHub PR or issue. Checks out the branch, analyzes changed files against a 9-category security checklist, and produces PASS/WARNING/FAIL verdicts. Use when reviewing pull requests for security vulnerabilities, hardcoded secrets, injection flaws, auth bypasses, or insecure configurations. Trigger keywords - security review, code review, appsec, vulnerability assessment, security audit, review PR security.
- 95/100
senior-secops
alirezarezvani/claude-skills
Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.
- 100/100
dependency-audit
mohitagw15856/pm-claude-skills
Conduct a dependency audit for a project — checking for security vulnerabilities, license compliance issues, outdated packages, and transitive dependency risk. Use when asked to audit dependencies, review package security, check license compliance, assess dependency health, or produce a vulnerability report. Produces a vulnerability findings table, license compliance matrix, update priority matrix, dependency health score, and 30-day remediation plan.
- 100/100
security-engineering
elophanto/EloPhanto
Expert application security engineer specializing in threat modeling, vulnerability assessment, secure code review, and security architecture design. Adapted from msitarzewski/agency-agents.
- 100/100
ghost-scan-code
aAAaqwq/AGI-Super-Team
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.
- 100/100
codebase-cleanup-deps-audit
diegosouzapw/awesome-omni-skills
Dependency Audit and Security Analysis workflow skill. Use this skill when the user needs You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
dependency-management-deps-audit
diegosouzapw/awesome-omni-skills
Dependency Audit and Security Analysis workflow skill. Use this skill when the user needs You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
solidity-security
wshobson/agents
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
- 95/100
security-pen-testing
alirezarezvani/claude-skills
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
- 100/100
codebase-cleanup-deps-audit-v2
diegosouzapw/awesome-omni-skills
Dependency Audit and Security Analysis workflow skill. Use this skill when the user needs You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
dependency-management-deps-audit-v2
diegosouzapw/awesome-omni-skills
Dependency Audit and Security Analysis workflow skill. Use this skill when the user needs You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
scv-scan
trailofbits/skills-curated
Audits Solidity codebases for smart contract vulnerabilities using a four-phase workflow (cheatsheet loading, codebase sweep, deep validation, reporting) covering 36 vulnerability classes. Use when auditing Solidity contracts for security issues, performing smart contract vulnerability scans, or reviewing Solidity code for common exploit patterns.
- 100/100
security-review
github/awesome-copilot
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
- 85/100
firebase-apk-scanner
trailofbits/skills
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
- 100/100
golang-security
samber/cc-skills-golang
Security best practices and vulnerability prevention for Golang. Covers injection (SQL, command, XSS), cryptography, filesystem safety, network security, cookies, secrets management, memory safety, and logging. Apply when writing, reviewing, or auditing Go code for security, or when working on any risky code involving crypto, I/O, secrets management, user input handling, or authentication. Includes configuration of security tools.
- 100/100
ai-security
arcasilesgroup/ai-engineering
Runs security gates: SAST with OWASP/CWE mapping, dependency vulnerability scans, secret detection, SBOM generation for compliance, pre-release security verdict. Trigger for 'is this secure', 'audit dependencies', 'check for secrets', 'security report', 'is this package safe', 'compliance review'. Not for governance process; use /ai-governance instead. Not for runtime payload inspection; use prompt-injection-guard hook instead.
- 100/100
agentic-actions-auditor
trailofbits/skills
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
- 100/100
dependency-auditor
OneWave-AI/claude-skills
Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or cleaning up dependencies.
- 100/100
specialist-security-reviewer
HoangNguyen0403/agent-skills-standard
High-density security audit persona. Enforces OWASP Top 10, Vibe Security, project standards, and strict tool budgets (<= 8 calls).
- 100/100
dependency-auditor
alirezarezvani/claude-code-tresor
Check dependencies for known vulnerabilities using npm audit, pip-audit, etc. Use when package.json or requirements.txt changes, or before deployments. Alerts on vulnerable dependencies. Triggers on dependency file changes, deployment prep, security mentions.
- 0/100
ssh-penetration-testing
elizaOS/eliza
This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.
- 100/100
nvd-cve
automateyournetwork/netclaw
Search the National Vulnerability Database for CVEs - find vulnerabilities by keyword or ID, get CVSS scores, weaknesses, affected configurations, and remediation references. Use when looking up a CVE, scanning for vulnerabilities, running a security audit, or checking if a software version has known exploits.
- 80/100
performing-ssrf-vulnerability-exploitation
mukul975/Anthropic-Cybersecurity-Skills
- 100/100
variant-analysis
trailofbits/skills
Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.
- 100/100
variant-analysis
diegosouzapw/awesome-omni-skills
Variant Analysis workflow skill. Use this skill when the user needs Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
variant-analysis-v2
diegosouzapw/awesome-omni-skills
Variant Analysis workflow skill. Use this skill when the user needs Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
Vuln Scanner
aaronjmars/aeon
Audit trending repos for real security vulnerabilities and disclose responsibly via PVR or dependency PRs
- 100/100
find-bugs
elizaOS/eliza
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
- 100/100
code-review-pro
OneWave-AI/claude-skills
Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.
- 100/100
best-practices
tech-leads-club/agent-skills
Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities". Do NOT use for accessibility (use web-accessibility), SEO (use seo), performance (use core-web-vitals), or comprehensive multi-area audits (use web-quality-audit).
- 75/100
performing-zero-day-vulnerability-discovery
xalgord/xalgorix
Systematic methodology for discovering novel vulnerabilities through manual code auditing, fuzzing, reverse engineering, and creative attack chaining during authorized security assessments.
- 40/100
securing-container-registry-with-harbor
xalgord/xalgorix
Harbor is an open-source container registry that provides security features including vulnerability scanning
- 100/100
implementing-api-security-testing-with-42crunch
xalgord/xalgorix
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic
- 40/100
securing-container-registry-with-harbor
mukul975/Anthropic-Cybersecurity-Skills
Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio
- 100/100
securing-container-registry-images
xalgord/xalgorix
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image
- 80/100
security-threat-model
lyndonkl/claude
Systematically identifies vulnerabilities, threats, and mitigations for systems handling sensitive data using STRIDE methodology, trust boundary mapping, and defense-in-depth principles. Use when designing or reviewing systems with PII/PHI/financial/auth data, building security-sensitive features (auth, payments, file uploads, APIs), preparing for audits or compliance (PCI, HIPAA, SOC 2), investigating incidents, or integrating third-party services. Use when user mentions threat model, STRIDE, trust boundaries, attack surface, or security review.
- 100/100
find-bugs-v2
diegosouzapw/awesome-omni-skills
Find Bugs workflow skill. Use this skill when the user needs Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 100/100
find-bugs
diegosouzapw/awesome-omni-skills
Find Bugs workflow skill. Use this skill when the user needs Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.
- 50/100
performing-ssrf-vulnerability-exploitation
xalgord/xalgorix
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,
- 100/100
best-practices
diegosouzapw/awesome-omni-skills
Best practices workflow skill. Use this skill when the user needs Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities". Do NOT use for accessibility (use web-accessibility), SEO (use seo), performance (use core-web-vitals), or comprehensive multi-area audits (use web-quality-audit) and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.