Browse Skills
9063 skills found
dependency-security-scanning.md
2
1
export
dependency-security-scanning
2
from
"daishiman/AIWorkflowOrchestrator"
from
"daishiman/AIWorkflowOrchestrator"
3
依存関係の脆弱性スキャン、CVE評価、レポート作成を体系化するスキル。SCAの運用と修正計画の整理を支援する。Anchors:• OWASP Dependency-Check / 適用: 依存スキャン / 目的: 検出の標準化• CVSS v3.1 Specification / 適用: 重大度評価 / 目的: 優先度の整合性• Web Application Security / 適用: 脅威評価 / 目的: リスク判定の一貫性Trigger:Use when scanning dependencies for vulnerabilities, evaluating CVE reports, producing audit reports, or planning remediation.dependency scan, CVE, CVSS, SCA, supply chain security, audit report
2026-01-05
github-actions-security.md
2
1
export
github-actions-security
2
from
"daishiman/AIWorkflowOrchestrator"
from
"daishiman/AIWorkflowOrchestrator"
3
GitHub Actionsワークフローのセキュリティ強化スキル。Repository/Environment Secretsの安全管理、ログマスキング、品質ゲート統合、CI/CDパイプラインの脅威対策を行う。Anchors:• OWASP Top 10 CI/CD Security Risks / 適用: リスク評価・脅威特定 / 目的: 業界標準に基づくリスク優先度決定• GitHub Actions Security Hardening Guide / 適用: ワークフロー実装 / 目的: 公式ベストプラクティス準拠• Threat Modeling (Adam Shostack) / 適用: STRIDE脅威分析 / 目的: 体系的なセキュリティ設計Trigger:Use when securing GitHub Actions workflows, configuring Environment/Repository Secrets, implementing log masking, adding quality gates to CI/CD pipelines, or performing threat modeling on workflows.github actions security, secrets management, log masking, quality gate, CI/CD security, threat modeling
2026-01-05
feature-flags.md
2
1
export
feature-flags
2
from
"cosmix/claude-code-setup"
from
"cosmix/claude-code-setup"
3
Feature flag patterns for controlled rollouts, A/B testing, and kill switches. Use when implementing feature toggles, gradual rollouts, canary releases, percentage-based features, user targeting, or emergency kill switches.
2026-01-05
claude-code-memory.md
2
1
export
claude-code-memory
2
from
"AugurProject/augur-reboot-website"
from
"AugurProject/augur-reboot-website"
3
Maintain Claude Code memory hygiene by auditing, organizing, updating, and optimizing memory files in `.claude/memory/`. Use when users request memory cleanup, organization, updates, or want to reduce context pollution. Handles stale content, redundancy, conflicts, and file organization issues.
2026-01-05
compliance-validation.md
2
1
export
compliance-validation
2
from
"Euda1mon1a/Autonomous-Assignment-Program-Manager"
from
"Euda1mon1a/Autonomous-Assignment-Program-Manager"
3
ACGME & institutional rule checking with systematic audit workflows, historical analysis, and violation remediation. Use for compliance audits, violation investigation, and regulatory reporting.
2026-01-05
database-engineering.md
2
1
export
database-engineering
2
from
"warpcode/dotfiles"
from
"warpcode/dotfiles"
3
Domain specialist for data persistence, database design, query optimization, and data modeling. Scope: SQL injection prevention, indexing strategies, normalization, migrations, scaling, backup/recovery, ORM patterns, N+1 query detection, query optimization, relationship mapping. Excludes: API design, business logic, infrastructure, frontend, security beyond database. Triggers: "database", "SQL", "query", "index", "schema", "migration", "sharding", "replication", "backup", "N+1", "ORM", "Eloquent", "Django", "query optimization", "slow query", "relationship", "foreign key", "join".
2026-01-05
secops-engineering.md
2
1
export
secops-engineering
2
from
"warpcode/dotfiles"
from
"warpcode/dotfiles"
3
Domain specialist for security operations, vulnerability management, compliance, and secure coding practices. Scope: OWASP Top 10, authentication (OAuth2, JWT, SAML, OIDC), input validation (SQLi, XSS, CSRF), secrets management, security headers, file upload security, vulnerability scanning, compliance (SOC2, GDPR, PCI-DSS). Excludes: code-level design patterns, infrastructure security, database design, performance optimization. Triggers: "security", "OWASP", "authentication", "authorization", "OAuth", "JWT", "SAML", "OIDC", "SQL injection", "XSS", "CSRF", "input validation", "secrets management", "vulnerability scan", "compliance", "SOC2", "GDPR", "security headers".
2026-01-05
security-pr-checklist-skill.md
2
1
export
security-pr-checklist-skill
2
from
"patricio0312rev/skillset"
from
"patricio0312rev/skillset"
3
Creates repeatable security review checklist for PRs with required checks, common pitfalls, and automated gating. Use for "security review", "PR checklist", "code review", or "security gates".
2026-01-05
healthsim.md
2
1
export
healthsim
2
from
"mark64oswald/healthsim-skills"
from
"mark64oswald/healthsim-skills"
3
HealthSim generates realistic synthetic healthcare data for testing EMR systems, claims processing, pharmacy benefits, and analytics. Use for ANY request involving: (1) synthetic patients, clinical data, or medical records, (2) healthcare claims, billing, or adjudication, (3) pharmacy prescriptions, formularies, or drug utilization, (4) HL7v2, FHIR, X12, or NCPDP formatted output, (5) healthcare testing scenarios or sample data generation.
2026-01-05
compliance-auditor.md
2
1
export
compliance-auditor
2
from
"Dexploarer/hyper-forge"
from
"Dexploarer/hyper-forge"
3
Automated compliance auditing for SOC2, HIPAA, GDPR, and PCI-DSS. Activates for compliance checks, security audits, regulatory requirements, and compliance automation.
2026-01-05
scanning-for-vulnerabilities.md
2
1
export
scanning-for-vulnerabilities
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.
2026-01-05
managing-database-recovery.md
2
1
export
managing-database-recovery
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill manages database recovery operations using the database-recovery-manager plugin. It enables disaster recovery, point-in-time recovery (PITR), and automated failover strategies for production database systems. Use this skill when the user requests help with "database recovery", "disaster recovery", "point-in-time recovery", "PITR", "backup validation", "recovery testing", or "multi-region failover" for databases. It automates backup verification and recovery testing.
2026-01-05
performing-penetration-testing.md
2
1
export
performing-penetration-testing
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.
2026-01-05
security-reporting.md
2
1
export
security-reporting
2
from
"daishiman/AIWorkflowOrchestrator"
from
"daishiman/AIWorkflowOrchestrator"
3
セキュリティ診断レポートの作成と脆弱性報告の文書化を支援するスキル。脅威分析、脆弱性評価、リスク採点、レポート生成の一連のプロセスを体系化し、専門的で実用性の高いセキュリティドキュメントを作成する。Anchors:• OWASP Top 10 (2021) / 適用: 脆弱性分類・評価基準 / 目的: 業界標準への準拠• CVSS v3.1 (FIRST) / 適用: リスクスコア計算 / 目的: 定量的脆弱性評価• Web Application Security (Andrew Hoffman) / 適用: 脅威モデリング / 目的: 体系的分析手法• CWE Top 25 / 適用: 脆弱性分類 / 目的: 共通語彙での報告Trigger:Use when creating security audit reports, vulnerability assessments, penetration test documentation, or risk analysis documents.security report, vulnerability report, security audit, penetration test report, risk assessment, 脆弱性レポート, セキュリティ監査
2026-01-05
validating-cors-policies.md
2
1
export
validating-cors-policies
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies. It uses the cors-policy-validator plugin to analyze CORS configurations and identify potential security vulnerabilities. Use this skill when the user requests to "validate CORS policy", "check CORS configuration", "analyze CORS headers", or asks about "CORS security". It helps ensure that CORS policies are correctly implemented, preventing unauthorized cross-origin requests and protecting sensitive data.
2026-01-05
e2e-test-builder.md
2
1
export
e2e-test-builder
2
from
"patricio0312rev/skillset"
from
"patricio0312rev/skillset"
3
Builds end-to-end browser tests for critical user flows using Playwright or Cypress. Includes selector strategies, test data management, page objects, and visual regression testing. Use for "E2E testing", "browser tests", "Playwright", or "Cypress tests".
2026-01-05
testing-conventions.md
2
1
export
testing-conventions
2
from
"benaor/claude-config"
from
"benaor/claude-config"
3
Testing conventions for React Native with TypeScript. Use this skill when writing tests, reviewing test code, or setting up test infrastructure. Covers unit tests, integration tests, component tests, test doubles (dummy, stub, spy, mock), builder pattern for fixtures, and the testing pyramid.
2026-01-05
snapshot-test-refactorer.md
2
1
export
snapshot-test-refactorer
2
from
"patricio0312rev/skillset"
from
"patricio0312rev/skillset"
3
Refactors brittle snapshot tests into resilient, focused assertions. Provides strategies for reducing snapshot size, extracting meaningful assertions, and maintaining snapshots. Use for "snapshot testing", "snapshot refactoring", "brittle tests", or "assertion improvement".
2026-01-05
go-installer-dev.md
2
1
export
go-installer-dev
2
from
"MrPointer/dotfiles"
from
"MrPointer/dotfiles"
3
Go development guide for the dotfiles-installer project. Use when writing Go code, adding features, fixing bugs, creating tests, working with package managers (brew, apt, dnf), implementing interfaces, using the commander/logger/filesystem utilities, handling privilege escalation, or understanding the codebase architecture. Covers coding patterns, testing conventions, interface design, error handling, and project structure.
2026-01-05
implementing-database-audit-logging.md
2
1
export
implementing-database-audit-logging
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill helps implement database audit logging for tracking changes and ensuring compliance. It is triggered when the user requests to "implement database audit logging", "add audit trails", "track database changes", or mentions "audit_log" in relation to a database. The skill provides options for trigger-based auditing, application-level logging, Change Data Capture (CDC), and parsing database logs. It generates a basic audit table schema and guides the user through selecting the appropriate auditing strategy.
2026-01-05
appconfig-system.md
2
1
export
appconfig-system
2
from
"lsst-sqre/squareone"
from
"lsst-sqre/squareone"
3
Expert guidance for working with the AppConfig runtime configuration system in squareone. Use this skill when implementing configuration loading, working with YAML config files, setting up new pages that need configuration, troubleshooting config hydration issues, or migrating from next/config patterns. Covers server-side loadAppConfig(), client-side useAppConfig(), MDX content loading, Sentry configuration injection, and Kubernetes ConfigMap patterns.
2026-01-05
http-best-practices.md
2
1
export
http-best-practices
2
from
"daishiman/AIWorkflowOrchestrator"
from
"daishiman/AIWorkflowOrchestrator"
3
HTTPプロトコルの仕様に基づき、RESTful APIおよびWebサービス実装における通信設計を提供。ステータスコード、ヘッダー、キャッシュ、冪等性設計を網羅。Anchors:• HTTP/2 in Action (Barry Pollard) / 適用: プロトコル仕様・パフォーマンス / 目的: 効率的なHTTP通信• RESTful Web Services (Richardson, Ruby) / 適用: REST設計原則 / 目的: 一貫したAPI設計• Web API Design (Brian Mulloy) / 適用: 実践的なAPI設計パターン / 目的: 使いやすいAPITrigger:Use when designing REST APIs, implementing HTTP clients, configuring cache strategies, setting security headers, or ensuring idempotency.http, rest api, status codes, cache-control, cors, idempotency, headers, http/2, keep-alive
2026-01-05
validating-csrf-protection.md
2
1
export
validating-csrf-protection
2
from
"jeremylongshore/claude-code-plugins-nixtla"
from
"jeremylongshore/claude-code-plugins-nixtla"
3
This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to "validate csrf", "check for csrf vulnerabilities", or "test csrf protection".
2026-01-05
llm-evaluation.md
2
1
export
llm-evaluation
2
from
"phrazzld/claude-config"
from
"phrazzld/claude-config"
3
LLM prompt testing, evaluation, and CI/CD quality gates using Promptfoo.Invoke when:- Setting up prompt evaluation or regression testing- Integrating LLM testing into CI/CD pipelines- Configuring security testing (red teaming, jailbreaks)- Comparing prompt or model performance- Building evaluation suites for RAG, factuality, or safetyKeywords: promptfoo, llm evaluation, prompt testing, red team, CI/CD, regression testing
2026-01-05