Browse Skills
9063 skills found
security-testing-patterns.md
4
1
export
security-testing-patterns
2
from
"NickCrew/claude-cortex"
from
"NickCrew/claude-cortex"
3
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques. Use when implementing security testing pipelines, conducting security audits, or validating application security controls.
2026-01-05
policy-opa.md
4
1
export
policy-opa
2
from
"AgentSecOps/SecOpsAgentKit"
from
"AgentSecOps/SecOpsAgentKit"
3
Policy-as-code enforcement and compliance validation using Open Policy Agent (OPA). Use when: (1) Enforcing security and compliance policies across infrastructure and applications, (2) Validating Kubernetes admission control policies, (3) Implementing policy-as-code for compliance frameworks (SOC2, PCI-DSS, GDPR, HIPAA), (4) Testing and evaluating OPA Rego policies, (5) Integrating policy checks into CI/CD pipelines, (6) Auditing configuration drift against organizational security standards, (7) Implementing least-privilege access controls.
2026-01-05
tech-details.md
4
1
export
tech-details
2
from
"adeonir/golden-anniversary"
from
"adeonir/golden-anniversary"
3
Database schema (users, messages, photos tables), environment variables, ImageKit storage structure, authentication flow, and service integrations. Use when working on database operations, API logic, authentication, or infrastructure.
2026-01-05
clickhouse-cloud-management.md
4
1
export
clickhouse-cloud-management
2
from
"terrylica/cc-skills"
from
"terrylica/cc-skills"
3
This skill should be used when the user asks to "create ClickHouse user", "manage ClickHouse permissions", "test ClickHouse connection", "troubleshoot ClickHouse Cloud", or mentions ClickHouse Cloud credentials, API keys, or SQL user management.
2026-01-05
dast-ffuf.md
4
1
export
dast-ffuf
2
from
"AgentSecOps/SecOpsAgentKit"
from
"AgentSecOps/SecOpsAgentKit"
3
Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering capabilities. Supports multiple fuzzing modes (clusterbomb, pitchfork, sniper) and recursive scanning. Use when: (1) Discovering hidden directories, files, and endpoints on web applications, (2) Fuzzing GET and POST parameters to identify injection vulnerabilities, (3) Enumerating virtual hosts and subdomains, (4) Testing authentication endpoints with credential fuzzing, (5) Finding backup files and sensitive data exposures, (6) Performing comprehensive web application reconnaissance.
2026-01-05
doppler-secret-validation.md
4
1
export
doppler-secret-validation
2
from
"terrylica/cc-skills"
from
"terrylica/cc-skills"
3
Validate and test secrets stored in Doppler. Add API tokens/credentials to Doppler, verify storage and retrieval, test authentication with target services. Use when user mentions "add to Doppler", "store secret", "validate token", or provides API tokens needing secure storage.
2026-01-05
nuxt-v4.md
4
1
export
nuxt-v4
2
from
"ChrisTowles/blog"
from
"ChrisTowles/blog"
3
Production-ready Nuxt 4 framework development with SSR, composables,data fetching, server routes, and Cloudflare deployment.Use when: building Nuxt 4 applications, implementing SSR patterns,creating composables, server routes, middleware, data fetching,state management, debugging hydration issues, deploying to Cloudflare,optimizing performance, or setting up testing with Vitest.Keywords: Nuxt 4, Nuxt v4, SSR, universal rendering, Nitro, Vue 3,useState, useFetch, useAsyncData, $fetch, composables, auto-imports,middleware, server routes, API routes, hydration, file-based routing,app directory, SEO, meta tags, useHead, useSeoMeta, transitions,error handling, runtime config, Cloudflare Pages, Cloudflare Workers,NuxtHub, Workers Assets, D1, KV, R2, Durable Objects, Vitest, testing,performance optimization, lazy loading, code splitting, prerendering,layers, modules, plugins, Vite, TypeScript, hydration mismatch,shallow reactivity, reactive keys, singleton pattern, defineNuxtConfig,defineEventHandle
2026-01-05
hammer-changelog-generator.md
4
1
export
hammer-changelog-generator
2
from
"Ronin15/SDL3_HammerEngine_Template"
from
"Ronin15/SDL3_HammerEngine_Template"
3
Generates comprehensive, professionally-formatted changelogs for SDL3 HammerEngine from git history. Analyzes code changes, runs tests, includes architect review, and produces detailed documentation following World Update format. Use when documenting updates, preparing releases, or creating detailed change reports.
2026-01-05
writing-tests.md
4
1
export
writing-tests
2
from
"jasonkuhrt/kit"
from
"jasonkuhrt/kit"
3
Writes tests following project conventions. Handles test file organization, runtime vs type tests, table-driven tests with Test module, and type assertions with Assert API.
2026-01-05
using-skillpack-maintenance.md
4
1
export
using-skillpack-maintenance
2
from
"tachyon-beep/skillpacks"
from
"tachyon-beep/skillpacks"
3
Use when maintaining or enhancing existing skill packs in the skillpacks repository - systematic pack refresh through domain analysis, structure review, RED-GREEN-REFACTOR gauntlet testing, and automated quality improvements
2026-01-05
security-workflow.md
4
1
export
security-workflow
2
from
"jpoley/jp-spec-kit"
from
"jpoley/jp-spec-kit"
3
Use when creating backlog tasks from security findings, integrating security scans into workflow states, or managing security remediation tracking. Invoked for security workflow integration and task automation.
2026-01-05
claude-hook-authoring.md
4
1
export
claude-hook-authoring
2
from
"outfitter-dev/agents"
from
"outfitter-dev/agents"
3
Creates event hooks for Claude Code automation with proper configuration, matchers, input/output handling, and security best practices. Covers all 9 hook types (PreToolUse, PostToolUse, UserPromptSubmit, Notification, Stop, SubagentStop, PreCompact, SessionStart, SessionEnd). Use when building automation, creating hooks, setting up event handlers, or when users mention hooks, automation, event handlers, or tool interception.
2026-01-05
api-spectral.md
4
1
export
api-spectral
2
from
"AgentSecOps/SecOpsAgentKit"
from
"AgentSecOps/SecOpsAgentKit"
3
API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.
2026-01-05
test-analyzer.md
4
1
export
test-analyzer
2
from
"viamin/aidp"
from
"viamin/aidp"
3
Expert in test suite analysis, coverage assessment, and test quality evaluation
2026-01-05
sast-bandit.md
4
1
export
sast-bandit
2
from
"AgentSecOps/SecOpsAgentKit"
from
"AgentSecOps/SecOpsAgentKit"
3
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.
2026-01-05
wow-applying-maker-checker-fixer.md
4
1
export
wow-applying-maker-checker-fixer
2
from
"wahidyankf/open-sharia-enterprise"
from
"wahidyankf/open-sharia-enterprise"
3
Three-stage content quality workflow pattern (Maker creates, Checker validates, Fixer remediates). Use when working with content quality workflows, validation processes, audit reports, or implementing maker/checker/fixer agent roles.
2026-01-05
cicd-pipeline-architecture.md
4
1
export
cicd-pipeline-architecture
2
from
"tachyon-beep/skillpacks"
from
"tachyon-beep/skillpacks"
3
Use when setting up CI/CD pipelines, experiencing deployment failures, slow feedback loops, or production incidents after deployment - provides deployment strategies, test gates, rollback mechanisms, and environment promotion patterns to prevent downtime and enable safe continuous delivery
2026-01-05
sca-blackduck.md
4
1
export
sca-blackduck
2
from
"AgentSecOps/SecOpsAgentKit"
from
"AgentSecOps/SecOpsAgentKit"
3
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.
2026-01-05
using-web-backend.md
4
1
export
using-web-backend
2
from
"tachyon-beep/skillpacks"
from
"tachyon-beep/skillpacks"
3
Use when building web APIs, backend services, or encountering FastAPI/Django/Express/GraphQL questions, microservices architecture, authentication, or message queues - routes to 11 specialist skills rather than giving surface-level generic advice
2026-01-05
temporary-license-expert.md
4
1
export
temporary-license-expert
2
from
"reggiechan74/vp-real-estate"
from
"reggiechan74/vp-real-estate"
3
Expert in temporary license agreements for very short-term occupancy (1 day to 3 months) that avoid creating landlord-tenant relationships. Use when drafting licenses for film shoots, pop-up retail, event space, interim occupancy during renovations, meeting room bookings, or testing space before committing to a lease. Also use when analyzing whether arrangement is truly a license vs lease, structuring revocable occupancy rights, or evaluating holdover and termination provisions. Key terms include license vs lease, temporary occupancy, short-term license, no landlord-tenant relationship, revocable, non-exclusive, film production license, pop-up retail, interim occupancy, no statutory protections
2026-01-05
using-quality-engineering.md
4
1
export
using-quality-engineering
2
from
"tachyon-beep/skillpacks"
from
"tachyon-beep/skillpacks"
3
Use when user asks about E2E testing, performance testing, chaos engineering, test automation, flaky tests, test data management, or quality practices - routes to specialist reference sheets with deep expertise instead of providing general guidance
2026-01-05
security-engineering.md
4
1
export
security-engineering
2
from
"outfitter-dev/agents"
from
"outfitter-dev/agents"
3
Security auditing and vulnerability detection using OWASP patterns, CWE analysis, and threat modeling. Use when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, reviewing dependency security, or when security-audit, vulnerability-scan, OWASP, threat-model, or --security are mentioned.
2026-01-05
phoenix-ecto.md
4
1
export
phoenix-ecto
2
from
"forest/dotfiles"
from
"forest/dotfiles"
3
Critical Ecto and Phoenix guidelines that prevent common bugs and security issues. Use when writing Elixir code that involves Ecto schemas, changesets, queries, associations, or seeds.exs files. Prevents subtle mistakes with field access, validation options, and mass assignment vulnerabilities.
2026-01-05
hammer-benchmark-regression.md
4
1
export
hammer-benchmark-regression
2
from
"Ronin15/SDL3_HammerEngine_Template"
from
"Ronin15/SDL3_HammerEngine_Template"
3
Runs performance benchmarks for SDL3 HammerEngine and detects regressions by comparing metrics against baseline. Use when testing performance-sensitive changes to AI, collision, pathfinding, particle systems, or before merging features to ensure no performance degradation.
2026-01-05