
Security

Encryption, auth, and vulnerability scanning.

2506 skills
security
1.7K

oauth

Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.

mcollina
testing-security
security
1.6K

agent-job-secrets

List and retrieve agent secrets. Plain secrets are also available as env vars. OAuth credentials are auto-refreshed on every get call.

stephengpope
testing-security
security
1.6K

django-add-form

Steps for creating or modifying Django forms and adding validation

fossasia
testing-security
security
1.5K

vulnerability-scanner

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

vudovn
testing-security
security
1.5K

msal-auth-code-flow

Authorization Code Flow for web applications using MSAL.NET confidential client to sign in users and access APIs on their behalf

AzureAD
testing-security
security
1.5K

msal-client-credentials

Client Credentials Flow for service-to-service (daemon) authentication in MSAL.NET without user involvement

AzureAD
testing-security
security
1.5K

msal-obo-flow

On-Behalf-Of (OBO) Flow for web APIs to call downstream APIs while preserving user identity in MSAL.NET

AzureAD
testing-security
security
1.4K

e2e-current-pr

Generate and execute PR-aware OTA E2E scenarios for `examples/v0.81.0` by diffing the checked-out branch against its PR base branch or default branch, inferring the affected runtime, rollout, and recovery surfaces, and then running the scenario through `../e2e`. Use when the caller wants current-branch OTA validation without hand-writing the scenario.

gronxb
testing-security
security
1.4K

e2e

Run end-to-end OTA verification for `examples/v0.81.0` with `agent-device`. Use when validating iOS or Android release builds, deploying OTA bundles with `pnpm hot-updater deploy`, checking stable update application, reproducing rollback after a crash bundle, or reading bundle-store metadata and crash history for the v0.81.0 example app.

gronxb
testing-security
security
1.4K

e2e

Executes E2E test cases. Selects the correct tool to perform verification based on the test case's verification type (ui/api/database).

AgentsMesh
testing-security
security
1.3K

security-reviewer

Security review wrapper for vibe review flow. Detects OWASP-style risks, secret leaks, auth flaws, and unsafe input handling.

foryourhealth111-pixel
testing-security
security
1.3K

security-patterns

Implements authentication, authorization, encryption, secrets management, and security hardening patterns. Use when designing auth flows, managing secrets, configuring CORS, implementing rate limiting, or when asked about JWT, OAuth, password hashing, API keys, RBAC, or security best practices.

CloudAI-X
testing-security
security
1.3K

ctf-crypto

Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.

ljagiello
testing-security
security
1.3K

ctf-web

Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTTP application, API, browser client, template engine, identity flow, or smart-contract frontend/backend surface, including XSS, SQLi, SSTI, SSRF, XXE, JWT, auth bypass, file upload, request smuggling, OAuth/OIDC, SAML, prototype pollution, and similar web bugs. Do not use it for native binary memory corruption, reverse engineering of standalone executables, disk or memory forensics, or pure cryptanalysis unless the web flaw is still the main path to the flag.

ljagiello
testing-security
security
1.3K

atmos-auth

Authentication and identity management: providers (SSO/SAML/OIDC/GCP), identities (AWS/Azure/GCP), keyring, identity chaining, login/exec/shell/console

cloudposse
testing-security
security
1.3K

audit

Autonomous mobile security audit aligned with OWASP MASTG v2. Performs checklist-driven analysis across MASVS categories: storage, crypto, network, platform, code, resilience, privacy. Exports structured markdown report with MASTG test references.

ChiChou
testing-security
security
1.2K

1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

steipete
testing-security
security
1.2K

validate-interface

Validate Controllers and DTOs against requirements (read-only)

wrtnlabs
testing-security
security
1.2K

validate-provider

Validate Providers against interfaces (read-only)

wrtnlabs
testing-security
security
1.2K

authentication-patterns

Authentication and authorization patterns including OAuth2, JWT, RBAC, session management, and PKCE flows

rohitg00
testing-security
security
1.2K

security-hardening

Application security covering input validation, auth, headers, secrets management, and dependency auditing

rohitg00
testing-security
security
1.2K

security-review

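Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides a comprehensive security checklist and patterns.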

cfrs2005
testing-security
security
1.1K

auth

Activate when code touches token management, credential resolution, git auth flows, GITHUB_APM_PAT, ADO_APM_PAT, AuthResolver, HostInfo, AuthContext, or any remote host authentication — even if 'auth' isn't mentioned explicitly.

microsoft
testing-security
security
1.1K

golang-security

Security best practices and vulnerability prevention for Golang. Covers injection (SQL, command, XSS), cryptography, filesystem safety, network security, cookies, secrets management, memory safety, and logging. Apply when writing, reviewing, or auditing Go code for security, or when working on any risky code involving crypto, I/O, secrets management, user input handling, or authentication. Includes configuration of security tools.

samber
testing-security