>_
🔒

Security

2492 skills in Testing & Security > Security

setting-up-gitignore

This skill should be used when users need to create or update a .gitignore file for their project. It provides comprehensive security-focused patterns and automatically detects the tech stack to include appropriate language-specific exclusions. Use when users ask to "set up gitignore", "create a secure gitignore", "add gitignore protection", or similar requests.

nickpending/momentum
7
0
Aktualisiert 1w ago

security-guardian

Expert en sécurité applicative pour détecter les vulnérabilités, auditer le code, et guider les bonnes pratiques de sécurité. OWASP Top 10, authentification, autorisation, cryptographie, gestion de secrets. Utiliser pour audits sécurité, reviews de code sensible, conception de features sécurisées, ou résolution de failles.

Bikach/skills-claude-code
7
0
Aktualisiert 1w ago

azure-basics

Azure cloud services, resource management, and Azure CLI patterns. Use when working with Azure resources, resource groups, ARM templates, az commands (az vm, az network, az storage, az aks), Azure naming conventions, RBAC policies, networking (VNet, NSG, Application Gateway), or implementing Azure best practices for resource organization, cost management, and security.

jonhill90/vibes
7
1
Aktualisiert 1w ago

repomix

Repository packaging for AI/LLM analysis. Capabilities: pack repos into single files, generate AI-friendly context, codebase snapshots, security audit prep, filter/exclude patterns, token counting, multiple output formats. Actions: pack, generate, export, analyze repositories for LLMs. Keywords: Repomix, repository packaging, LLM context, AI analysis, codebase snapshot, Claude context, ChatGPT context, Gemini context, code packaging, token count, file filtering, security audit, third-party library analysis, context window, single file output. Use when: packaging codebases for AI, generating LLM context, creating codebase snapshots, analyzing third-party libraries, preparing security audits, feeding repos to Claude/ChatGPT/Gemini.

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

backend-development

Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust | NestJS, FastAPI, Django, Express | PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD.

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

tzurot-security

Security best practices for Tzurot v3 - Secret management, AI-specific security (prompt injection, PII scrubbing), Economic DoS prevention, Discord permission verification, microservices security, and supply chain integrity. Use when handling secrets, user input, or security-critical code.

lbds137/tzurot
7
1
Aktualisiert 1w ago

security-reviewer

Marketplace

Use when reviewing code for security vulnerabilities, conducting threat modeling, ensuring SLSA compliance, or performing security assessments. Invoked for security analysis, vulnerability detection, and compliance verification.

jpoley/flowspec
7
0
Aktualisiert 1w ago

better-auth

TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

infra-engineer

Comprehensive infrastructure engineering covering DevOps, cloud platforms, FinOps, and DevSecOps. Platforms: AWS (EC2, Lambda, S3, ECS, EKS, RDS, CloudFormation), Azure basics, Cloudflare (Workers, R2, D1, Pages), GCP (GKE, Cloud Run, Cloud Storage), Docker, Kubernetes. Capabilities: CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins), GitOps, infrastructure as code (Terraform, CloudFormation), container orchestration, cost optimization, security scanning, vulnerability management, secrets management, compliance (SOC2, HIPAA). Actions: deploy, configure, manage, scale, monitor, secure, optimize cloud infrastructure. Keywords: AWS, EC2, Lambda, S3, ECS, EKS, RDS, CloudFormation, Azure, Kubernetes, k8s, Docker, Terraform, CI/CD, GitHub Actions, GitLab CI, Jenkins, ArgoCD, Flux, cost optimization, FinOps, reserved instances, spot instances, security scanning, SAST, DAST, vulnerability management, secrets management, Vault, compliance, monitoring, observability. Use when: deploying to AWS/Azure/GCP/Cloudflare, s

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

research

Technical research methodology with YAGNI/KISS/DRY principles. Phases: scope definition, information gathering, analysis, synthesis, recommendation. Capabilities: technology evaluation, architecture analysis, best practices research, trade-off assessment, solution design. Actions: research, analyze, evaluate, compare, recommend technical solutions. Keywords: research, technology evaluation, best practices, architecture analysis, trade-offs, scalability, security, maintainability, YAGNI, KISS, DRY, technical analysis, solution design, competitive analysis, feasibility study. Use when: researching technologies, evaluating architectures, analyzing best practices, comparing solutions, assessing technical trade-offs, planning scalable/secure systems.

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

shopify

Shopify platform development. Stack: Shopify CLI, GraphQL/REST APIs, Polaris UI, Liquid templating. Capabilities: app development (OAuth), checkout UI extensions, admin UI extensions, POS extensions, theme development, webhooks, billing API, product/order/customer management. Actions: build, extend, customize, integrate Shopify apps/themes. Keywords: Shopify, Shopify CLI, GraphQL Admin API, REST API, Polaris, Liquid, checkout extension, admin extension, POS extension, theme, webhook, billing API, OAuth, app bridge, metafields, product, order, customer, storefront, hydrogen, oxygen. Use when: building Shopify apps, customizing checkout, creating admin interfaces, developing themes, integrating payments, managing store data via APIs, extending Shopify functionality.

samhvw8/dotfiles
7
2
Aktualisiert 1w ago

core

Marketplace

PAI (Personal AI Infrastructure) - Your AI system core. AUTO-LOADS at session start. USE WHEN any session begins OR user asks about PAI identity, response format, stack preferences, security protocols, or delegation patterns.

jeffh/claude-plugins
6
0
Aktualisiert 1w ago

moai-security

Marketplace

Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining, and compliance. Use when implementing Auth0 security features, configuring attack defenses, setting up MFA, or meeting regulatory requirements.

modu-ai/claude-plugins
6
1
Aktualisiert 1w ago

vscode-webview-expert

This skill provides expert-level guidance for implementing VS Code WebView features. Use when creating WebView panels, implementing secure CSP policies, handling Extension-WebView communication, managing WebView state persistence, optimizing WebView performance, or debugging WebView rendering issues. Covers security best practices, message protocols, and VS Code-specific WebView patterns.

s-hiraoku/vscode-sidebar-terminal
6
4
Aktualisiert 1w ago

git-security-checks

Marketplace

Pre-commit security validation and secret detection. Runs detect-secrets scanand audit workflow, validates secrets baseline, and integrates with pre-commithooks to prevent credential leaks.Use when user mentions scanning for secrets, detect-secrets, secret detection,credential scanning, pre-commit security, or .secrets.baseline.

laurigates/dotfiles
6
0
Aktualisiert 1w ago

jira-integration

Agent Skill: Comprehensive Jira integration through lightweight Python scripts. AUTOMATICALLY TRIGGER when user mentions Jira URLs like 'https://jira.*/browse/*', 'https://*.atlassian.net/browse/*', or issue keys like 'PROJ-123'. Use when searching issues (JQL), getting/updating issue details, creating issues, transitioning status, adding comments, logging worklogs, managing sprints and boards, creating issue links, or formatting Jira wiki markup. If authentication fails, offer to configure credentials interactively. Supports both Jira Cloud and Server/Data Center with automatic authentication detection. By Netresearch.

netresearch/jira-skillPython
6
2
Aktualisiert 1w ago

backend-queries

Write secure, performant database queries using parameterized statements, proper indexing, and query optimization techniques. Use this skill when writing SQL queries, ORM query methods, or database access code. When implementing data fetching logic that retrieves or updates database records. When optimizing queries to prevent N+1 problems through eager loading or joins. When using WHERE clauses, JOIN operations, or ORDER BY statements. When implementing transactions for related database operations. When working with query builder methods, raw SQL, or ORM query interfaces. When setting query timeouts or implementing query result caching.

coreyja/coreyja.com
6
1
Aktualisiert 1w ago

npm-publish

This skill should be used when the user wants to publish a package to npm, bump a version, release a new version, or mentions "npm publish", "bun publish", "version bump", or "release". Handles changelog updates, git push, and npm publishing with OTP authentication.

b-open-io/prompts
6
2
Aktualisiert 1w ago

check-secrets

Scan the codebase for potential secret leaks including API keys, tokens, passwords, hardcoded project IDs, and sensitive identifiers. Use when the user says "check for secrets", "scan for leaks", "security check", or before committing sensitive changes.

nozomi-koborinai/koborin-ai
6
0
Aktualisiert 1w ago

global-validation

Implement secure, comprehensive input validation on both client and server sides using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when handling user input from forms, API requests, or any external data source. When implementing form validation logic with field-specific error messages. When validating data types, formats, ranges, and required fields. When sanitizing input to prevent SQL injection, XSS, or command injection. When validating business rules like sufficient balance or valid date ranges. When implementing both client-side validation for user experience and mandatory server-side validation for security.

coreyja/coreyja.com
6
1
Aktualisiert 1w ago