信息安全分析师

SAST Triage Skill

This skill should be used when the user wants to triage SAST scan results, analyze security findings as true or false positives, review AppScan or Semgrep output, assess whether a vulnerability finding is exploitable, or classify code scanning alerts. Triggers on phrases like "triage these findings", "is this a false positive", "review my SAST results", "analyze this security scan", "which findings should I fix", or when the user pastes raw SAST tool outputs

devenk20

Git 工作流

Security Ownership Map

Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger only when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do not trigger for general maintainer lists or non-security ownership questions.

jaypatrick0

知识库

Audit

Performs a comprehensive health check of an Obsidian wiki — checking broken links, orphan pages, uncompiled sources, stale articles, missing backlinks, sparse articles, and cross-article contradictions. This skill should be used when the user asks to "audit my vault", "check wiki health", "find broken links", "review knowledge base", "lint my wiki", or "validate wiki indexes". Backed by lint.py. Read-only on wiki files; writes report to output/.

jbactad0

Trivy Security Scanner — AI Agent Skill

Security scanning skill that runs Trivy to detect vulnerabilities, leaked secrets, misconfigurations, and licence risks in the local codebase and container images. Use this skill when the developer asks to scan for security issues, check dependencies for CVEs, detect secrets or API keys, scan Docker/container images, audit Dockerfiles or Kubernetes manifests, or when they mention "trivy", "vulnerability", "CVE", "secret scan", "security scan", "container scan", or "shift-left security". Also trigger when the developer is about to commit code and wants a pre-commit check, or asks "is this safe to commit/push/deploy". This skill provides detailed, user-friendly vulnerability reports with interactive fix suggestions and seeks explicit user permission before applying any changes.

chaubes0

自动化工具

Auditing Dependencies

Auditing and updating npm dependencies to prevent security vulnerabilities in TypeScript projects

djankies0

Broken Authentication Testing

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

Api Fuzzing For Bug Bounty

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.

Aws Penetration Testing

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

File Path Traversal Testing

This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.

Previous 1…1073 1074 1075…1087 Next

Aws Penetration Testing

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing...

Cloud Penetration Testing

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfiguratio...

Codebase Cleanup Deps Audit

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...

Dependency Management Deps Audit

销售与营销

Gdpr Data Handling

Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, o...

Threat Mitigation Mapping

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

容器

K8s Security Policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or ...

Security Scanning Security Dependencies

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, ass...

销售与营销

Security Requirement Extraction

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

Vulnerability Scanner

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

Vulnerability Scanner

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

Dast Automation

Automated Dynamic Application Security Testing (DAST) using Playwright MCP for browser-based security scanning. Performs blackbox/greybox security testing on single or multiple domains with intelligent crawling, vulnerability detection, and comprehensive reporting. Use when: "scan this domain for vulnerabilities", "run DAST on these URLs", "perform security testing", or "automated penetration test".

devkeni0

Inet Web

Webstandaarden getest door internet.nl: HTTPS, TLS 1.2/1.3, HSTS, DNSSEC voor websites, IPv6 dual-stack, RPKI route origin validation, security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy), security.txt (RFC 9116). Triggers: web test, HTTPS, TLS, HSTS, DNSSEC website, security headers, security.txt, IPv6, RPKI, webstandaarden, website testen, Content-Security-Policy

developer-overheid-nl0

Auth System

Build secure authentication systems with signup, signin, password hashing, JWT tokens, and Better Auth integration.

devhasnainraza0

Vulnerability Scanner

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

devhysterical0

项目管理

Red Team Tactics

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

devhysterical0

App Security

Application security scanning including SAST, DAST, dependency vulnerability scanning, secrets detection, and secure coding practices for applications. Use when scanning application code, detecting vulnerabilities in dependencies, finding secrets in code, or implementing application security controls.

devendrapratapsingh0

Cwe 22 Path Traversal

Use this skill when you need to remediate CWE-22 (Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing improper limitation of a pathname to a restricted directory (path traversal) issues.

DevelopersCoffee0