Use this skill when you need to remediate CWE-601 (URL Redirection to Untrusted Site (Open Redirect)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing url redirection to untrusted site (open redirect) issues.

DevelopersCoffee0

调试

Red Team Analyst

Analyze AI Red Teaming Agent scorecards from scripts/foundry_redteam.py. Parses ASR (Attack Success Rate) by risk category and attack strategy, compares against prior runs, and maps findings to concrete remediation (RAI policy tweaks in infra/guardrails.bicep, PII blocklist additions, agent instruction hardening in config.json, or new evaluators in scripts/foundry_evals.py). Read-only — recommends fixes, never applies them. WHEN: "red team results", "redteam scorecard", "ASR", "attack success rate", "redteam failures", "which attacks got through", user pastes scorecard JSON/output, after Step 8 of Deploy.ps1 -Workload foundry.

chashea0

安全

Asf

Enterprise Agent Security Framework — Credential scanning, fake agent detection, egress controls, trust scoring, and compliance automation for AI agent deployments. Version 1.1 includes security hardening, improved YARA scanning, and enhanced neuro-symbolic verification.

jeffvsutherland0

安全

Api Security Auditor

API Security auditing mastery. Rate limiting architecture, API key management, payload validation, IDOR (Insecure Direct Object Reference) prevention, mass assignment flaws, GraphQL security, and server-side mitigations. Use when building external APIs, B2B services, or reviewing endpoint security.

JenilRevaliya0

项目管理

Red Team Tactics

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

JenilRevaliya0

安全

Healthcheck

Performs security hardening and risk-tolerance configuration for claw-python deployments. Use when: running a security audit, hardening firewall or SSH settings, or checking for available updates. NOT for: application-level debugging or runtime monitoring.

Disesfgewu0

系统管理

Careful

Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. User can override each warning. Use when touching prod, debugging live systems, or working in a shared environment. Use when asked to "be careful", "safety mode", "prod mode", or "careful mode". (gstack)

JeremiahEllington0

测试

Evaluator Interpreter

Interpret output from the security red team evaluators in scripts/foundry_evals.py (trust boundaries, red team resilience, prompt vulnerability). Parses eval run JSON, flags regressions vs. prior runs, and recommends whether a config change shipped a real improvement or a regression. WHEN: "eval results", "evaluator output", "did the eval pass", "trust boundary score", "compare evals", user pastes JSON from foundry_evals.py, after Step 7 of Deploy.ps1 -Workload foundry.

chashea0

安全

Rails Security

Use when implementing authentication, authorization, or hardening a Rails application against vulnerabilities. Also applies before deployment to verify security posture, or when reviewing code for mass assignment, XSS, SQL injection, or CSRF risks. Covers strong parameters, Devise, Pundit, security scanning, and deployment checklists.

chaserx0

智能合约

Fofum Solidity Audit

Comprehensive Solidity smart contract security audit skill. Activates when auditing, reviewing, or assessing EVM smart contracts for vulnerabilities. Covers reentrancy, access control, oracle manipulation, flash loans, MEV, weird tokens, and protocol-specific risks. Includes 100+ item checklist, severity rubric, and real exploit examples.

DeFiFoFum0

Previous 1…1075 1076 1077…1087 Next

Cwe 93 Crlf Injection

Use this skill when you need to remediate CWE-93 (CRLF Injection) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing crlf injection issues.

DevelopersCoffee0

安全

Cwe 90 Ldap Injection

Use this skill when you need to remediate CWE-90 (LDAP Injection) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing ldap injection issues.

DevelopersCoffee0

代码质量

Cwe 917 Expression Language Injection

Use this skill when you need to remediate CWE-917 (Expression Language Injection) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing expression language injection issues.

DevelopersCoffee0

安全

Cwe 798 Hardcoded Credentials

Use this skill when you need to remediate CWE-798 (Hardcoded Credentials) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing hardcoded credentials issues.

DevelopersCoffee0

安全

Cwe 732 Improper File Permissions

Use this skill when you need to remediate CWE-732 (Improper File Permissions) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing improper file permissions issues.

DevelopersCoffee0

调试

Cwe 89 Sql Injection

Use this skill when you need to remediate CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing improper neutralization of special elements used in an sql command issues.

DevelopersCoffee0

安全

Cwe 613 Insufficient Session Expiration

Use this skill when you need to remediate CWE-613 (Insufficient Session Expiration) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing insufficient session expiration issues.

DevelopersCoffee0

安全

Cwe 522 Insufficiently Protected Credentials

Use this skill when you need to remediate CWE-522 (Insufficiently Protected Credentials) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing insufficiently protected credentials issues.

DevelopersCoffee0

调试

Cwe 693 Missing Security Headers

Use this skill when you need to remediate CWE-693 (Missing Security Headers (Clickjacking)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing missing security headers (clickjacking) issues.

DevelopersCoffee0

调试

Cwe 776 Xml Entity Expansion

Use this skill when you need to remediate CWE-776 (XML Entity Expansion (Billion Laughs)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing xml entity expansion (billion laughs) issues.

DevelopersCoffee0

安全

Cwe 501 Trust Boundary Violation

Use this skill when you need to remediate CWE-501 (Trust Boundary Violation) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing trust boundary violation issues.

DevelopersCoffee0

安全

Cwe 259 Hardcoded Password

Use this skill when you need to remediate CWE-259 (Hardcoded Password) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing hardcoded password issues.

DevelopersCoffee0

代码质量

Cwe 367 Race Condition Toctou

Use this skill when you need to remediate CWE-367 (Race Condition (TOCTOU)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing race condition (toctou) issues.

DevelopersCoffee0

域名与 DNS 工具

OSINT Skill v3.0 — Orchestrated Intelligence

OSINT (Open Source Intelligence) research tool — gathers publicly available information about domains, IPs, email addresses, usernames, and people. Use when: (1) asked to research a company, domain, or website, (2) looking up information about a person or online identity, (3) checking a username across platforms, (4) investigating an email address or IP, (5) performing reconnaissance for sysadmin/security purposes, (6) building a threat intelligence report, (7) any 'find what you can about X' request.

jeanclaudevermeer0

安全

Cwe 643 Xpath Injection

Use this skill when you need to remediate CWE-643 (XPath Injection) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing xpath injection issues.

DevelopersCoffee0

安全

Security Posture Analysis Skill

Performs comprehensive security posture analysis of web applications. Audits authentication, authorization, secrets management, input validation, dependency vulnerabilities, CORS, CSRF, XSS, SQL injection, SSRF, and infrastructure configuration. Maps findings to OWASP Top 10 (2021) categories with severity ratings and actionable remediation steps. Use when asked to "analyze security", "audit security", "check security posture", "find vulnerabilities", or "security review".

jeansfeir070

安全

Tenant Isolation Validation

Validate tenant isolation and RLS safety checks. Use when the user mentions tenant isolation, RLS validation, or multi-tenant access checks.

Jeduardo6220

安全

Security Hardening

Application security practices — input sanitization, CORS, CSP, dependency auditing, and common vulnerability prevention.

Jeet15110

智能合约

Security Hardening

Apply practical security hardening for this Node.js API, container, and deployment assets. Use when changing dependencies, runtime configuration, Docker/Helm manifests, or when preparing production releases.

jeevan-spark-org0

代码质量

Cwe 606 Unchecked Loop Condition

Use this skill when you need to remediate CWE-606 (Unchecked Input for Loop Condition) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing unchecked input for loop condition issues.

DevelopersCoffee0