정보 보안 분석가

Harness Safety Guard

§10.2 安全ガードの詳細パターンリストと判定フロー。危険操作の正規表現一覧、Azure 固有の破壊的コマンド一覧（本リポジトリ特化）、ホワイトリスト例、停止レベル別の判定フローを提供する。

dahatake0

프로젝트 관리

Security Review Ops

Security triage and remediation prioritization workflows.

fcistud0

스마트 컨트랙트

Tool Use Safety Audit

Audit tool-use safety risks and define robust execution guardrails.

fcistud0

게임 개발

Game Hacking Techniques

Guide for game hacking techniques and cheat development. Use this skill when researching memory manipulation, code injection, ESP/aimbot development, overlay rendering, or game exploitation methodologies.

FCheatDev0

금융 및 투자

Dependency Risk Audit

Audit dependencies for security, maintenance risk, and upgrade strategy.

fcistud0

스마트 컨트랙트

007

Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.

fbgouveia0

컨테이너

K8s Security Policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

fazedordecodigo0

Skill: Security Audit

This skill should be used when the user asks to "audit security", "review security config", "check security chains", "validate @PreAuthorize", "audit tenant context", "verify RLS setup", "security review", or "check filter pipeline order". Audits that an existing Spring Security implementation follows the patterns defined in the security skill. For implementing security from scratch, use the security skill instead.

Faus5350

디버깅

Security Review

Perform Security Review for Endpoint

daithien20040

Create Vuln Login

Creates the intentionally vulnerable Login module (SQL Injection / OWASP A03) for the CTF security lab. Use when asked to scaffold the login controller, login route, or login view. Produces: LoginController using raw DB::select() with direct string concatenation (no prepared statements), GET+POST /login routes, and a Tailwind login blade. Marks the vulnerable line with // [VULNERABLE HERE]. Do NOT use for production code.

Fatt10

Create Vulnerable Document Download Module (Path Traversal)

Creates the intentionally vulnerable Document Download module (Path Traversal / OWASP A01) for the CTF security lab. Use when asked to scaffold the download controller, download route, or document download page. Produces: DownloadController that concatenates a raw ?file= query parameter onto storage_path("documents") with NO sanitization, GET /download route, and a Tailwind download blade. Marks the vulnerable line with // [VULNERABLE HERE]. Do NOT use for production code.

Fatt10

Create Vuln Grades

Creates the intentionally vulnerable View Grades module (IDOR / OWASP A01) for the CTF security lab. Use when asked to scaffold the grades controller, grades route, or grades view. Produces: GradeController using Grade::find($id) with NO ownership check (no Auth::id() comparison, no Policies, no Gates), GET /student/grades/{id} route, and a Tailwind grades blade. Marks the vulnerable line with // [VULNERABLE HERE]. Do NOT use for production code.

Fatt10

스마트 컨트랙트

DoS & Griefing Analysis

Detects Denial of Service and griefing vulnerabilities in smart contracts. Covers unbounded loop DoS, block gas limit exhaustion, external call failure DoS, insufficient gas griefing (63/64 rule), storage bloat attacks, timestamp griefing, self-destruct force-feeding, and push vs pull payment pattern analysis. Use when auditing contracts with batch operations, loops over user data, reward distribution, dividend systems, or any logic that depends on address(this).balance or iterates over growing collections.

dajneem230

코드 품질

Security & Reliability Review

Automated security and reliability review for Booking OS code changes. Triggers after ANY code modification — new features, bugfixes, refactors, schema changes, controller edits, service updates, or queue/job changes. Checks for multi-tenancy violations, missing transaction wrappers, auth guard gaps, webhook verification, AI safety, race conditions, and cascading data integrity issues. Also triggers when user says 'review this', 'is this safe', 'check for bugs', 'security check', or 'audit this change'. If code was written or modified, this skill should run before considering the work complete. This is separate from the self-review-loop (which checks general correctness) — this skill checks for production safety patterns specific to this multi-tenant SaaS codebase.

Farzin-habibp0ur0

LLM & AI

Red Team Skill

Invokes Red Team with ATT&CK/ATLAS technique IDs; generates structured output; saves to proof-of-work. Use when the user says Red Team, attack simulation, ATT&CK technique, ATLAS technique, or requests Red Team exercises.

건강 및 피트니스

Purple Orchestrator Skill

Runs full Purple flow: scope → Red attack → Blue check → fix → re-test. Use when the user says Purple Team, Purple exercise, run Purple, or requests Red+Blue coordinated exercise.

아키텍처 패턴

Attack Library Skill

Maintains reusable attack playbooks with ATT&CK/ATLAS technique mappings. Use when creating playbooks, attack library, export flow, rules backdoor, prompt injection playbook, or maintaining security exercise templates.

데이터 분석

Coverage Report Skill

Produces ATT&CK/ATLAS heat map from past exercises. Use when the user asks for coverage report, heat map, technique coverage, or security exercise summary.

디버깅

Blue Team Skill

Invokes Blue Team with technique IDs; maps detections to ATT&CK/ATLAS; proposes mitigations. Use when the user says Blue Team, defenders, detection mapping, ATT&CK mitigation, or requests Blue Team review.

Security Expert Skill

Automatiza la detección de vulnerabilidades comunes en aplicaciones Android siguiendo OWASP MASVS.

FarbalEduardo0

Skill Auditor

The definitive security scanner for OpenClaw skills. 18 security checks including prompt injection detection, download-and-execute, privilege escalation, credential harvesting, supply chain attacks, crypto drains, and more. 5-dimension trust scoring with trend tracking.

fanzam0501-pixel0

Vuln Analysis Expert

WooYun漏洞分析专家系统。基于88,636个真实漏洞案例提炼的元思考方法论、测试流程、利用技巧、绕过方法。覆盖SQL注入、XSS、命令执行、逻辑漏洞、文件上传、未授权访问等主要漏洞类型。当用户进行漏洞挖掘、渗透测试、安全审计、代码审计时触发。

fantay03120

Isms Audit Expert

信息安全管理体系 (ISMS) 审计专家，用于 ISO 27001 合规性验证、安全控制评估和认证支持。当用户提到 ISO 27001、ISMS 审计、附录 A 控制、适用性声明 (SOA)、差距分析、不符合项管理、内部审计、监督审核或安全认证准备时使用。帮助审查控制措施实施证据、记录审计发现、将不符合项分类、生成基于风险的审计计划、将控制映射到附录 A 要求、准备第一阶段和第二阶段审计文档，并支持纠正措施工作流。

Senior Secops

用于应用安全、漏洞管理、合规验证和安全开发实践的高级 SecOps 工程师技能。运行 SAST/DAST 扫描，生成 CVE 修复计划，检查依赖漏洞，创建安全策略，强制执行安全编码模式，并自动化针对 SOC2、PCI-DSS、HIPAA 和 GDPR 的合规性检查。适用于进行安全审查或审计、响应 CVE 或安全事件、加固基础设施、实现身份验证或密钥管理、进行渗透测试准备、检查 OWASP Top 10 暴露情况或在 CI/CD 流水线中实施安全控制。

Information Security Manager Iso27001

针对医疗科技（HealthTech）和医疗器械技术（MedTech）公司的 ISO 27001 ISMS 实施和网络安全治理。用于 ISMS 设计、安全风险评估、控制措施实施、ISO 27001 认证、安全审计、事件响应以及合规性验证。涵盖 ISO 27001、ISO 27002、医疗保健安全和医疗器械网络安全。

코드 품질

Skill Security Auditor

在安装前对 AI 智能体技能进行安全审计和漏洞扫描。使用场景：(1) 评估来自不可信来源的技能，(2) 审计技能目录或 git 仓库 URL 中的恶意代码，(3) 为 Claude Code 插件、OpenClaw 技能或 Codex 技能设置安装前安全准入，(4) 扫描 Python 脚本中的危险模式，如 os.system、eval、subprocess、网络数据外泄，(5) 检测 SKILL.md 文件中的提示词注入，(6) 检查依赖供应链风险，(7) 验证文件系统访问是否保持在技能边界内。触发词："审计此技能"、"这个技能安全吗"、"扫描技能安全性"、"安装前检查技能"、"技能安全检查"、"技能漏洞扫描"。

Ciso Advisor

为成长型公司提供安全领导力。以美元量化风险，制定合规路线图（SOC 2/ISO 27001/HIPAA/GDPR），规划安全架构策略，领导事件响应，以及进行董事会级别的安全报告。适用于构建安全计划、论证安全预算、选择合规框架、管理事件、评估供应商风险，或当用户提到 CISO、安全策略、合规路线图、零信任或董事会安全报告时。