security
70
security-react
React Security. Use when reviewing security, implementing auth, or hardening code.
TheBeardedBearSAS
testing-security
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
60
aws-sdk-java-v2-secrets-manager
AWS Secrets Manager patterns using AWS SDK for Java 2.x. Use when storing/retrieving secrets (passwords, API keys, tokens), rotating secrets automatically, managing database credentials, or integrating secret management into Spring Boot applications.
giuseppe-trisciuoglio
testing-security
security
60
spring-boot-security-jwt
JWT authentication and authorization patterns for Spring Boot 3.5.x covering token generation with JJWT, Bearer/cookie authentication, database/OAuth2 integration, and RBAC/permission-based access control using Spring Security 6.x.
giuseppe-trisciuoglio
testing-security
security
60
unit-test-security-authorization
Unit tests for Spring Security with @PreAuthorize, @Secured, @RolesAllowed. Test role-based access control and authorization policies. Use when validating security configurations and access control logic.
giuseppe-trisciuoglio
testing-security
security
59
gitlab-ci-variables-secrets
Use when configuring GitLab CI/CD variables, managing secrets, or integrating with external secret providers. Covers secure credential handling.
TheBushidoCollective
testing-security
security
59
fnox-security-best-practices
Use when implementing secure secrets management with Fnox. Covers encryption, key management, access control, and security hardening.
TheBushidoCollective
testing-security
security
59
sip-authentication-security
Use when implementing SIP authentication, security mechanisms, and encryption. Use when securing SIP servers, clients, or proxies.
TheBushidoCollective
testing-security
security
59
php-security-patterns
Use when essential PHP security patterns including input validation, SQL injection prevention, XSS protection, CSRF tokens, password hashing, secure session management, and defense-in-depth strategies for building secure PHP applications.
TheBushidoCollective
testing-security
security
59
fnox-providers
Use when configuring Fnox providers for encryption and secret storage. Covers age encryption, cloud providers (AWS, Azure, GCP), and password managers.
TheBushidoCollective
testing-security
security
58
ops-security-audit
Structured workflow for infrastructure security audits including compliance validation, vulnerability assessment, and security posture review.
LerianStudio
testing-security
security
55
sentinel-ai-security
AI Security Platform with 97 detection engines for protecting LLMs, AI agents, and multimodal systems. Detects prompt injection, jailbreaks, DAN attacks, and more. Includes Strike red team platform with 39,000+ attack payloads. Uses advanced mathematics including Topological Data Analysis, Sheaf Theory, and Hyperbolic Geometry. Production-ready with <10ms latency.
DmitrL-dev
testing-security
security
55
discover-cryptography
Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security
rand
testing-security
security
51
plutonium-portal
Plutonium portals - web interfaces with authentication, entity scoping, and routes
radioactive-labs
testing-security
security
51
plutonium-rodauth
Plutonium Rodauth integration - authentication setup, account types, and configuration
radioactive-labs
testing-security
security
51
dojo-world
Manage world permissions, namespaces, resource registration, and access control. Use when configuring world ownership, setting up authorization policies, or managing resource permissions.
dojoengine
testing-security
security
49
owasp-security
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
hoodini
testing-security
security
49
security-auditor
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
jason0x43
testing-security
security
48
openlark-validation-style
OpenLark Rust SDK 的 feature-crate 参数校验规范(必填校验)。当需要统一/评审 `validate()` 写法,或用户询问 `openlark_core::validate_required`(函数)与 `openlark_core::validate_required!`(宏)的区别、是否需要宏、空白字符串处理等问题时使用。
foxzool
testing-security
security
46
security-ai-keys
Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction - user: "Review AI provider logging" → ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage
IgorWarzocha
testing-security
security
46
security-convex
Review Convex security audit patterns for authentication and authorization. Use for auditing query/mutation auth, row-level security, and validators. Use proactively when reviewing Convex apps (convex/ directory present). Examples: - user: "Audit these Convex mutations" → check for missing ctx.auth and input validators - user: "Check for IDOR in Convex queries" → verify ownership checks on document access - user: "Review Convex HTTP actions" → check for signature verification on webhooks - user: "Secure these Convex queries" → implement custom functions for enforced auth - user: "Check for data leaks in subscriptions" → verify filtered result sets
IgorWarzocha
testing-security
security
46
convex-auth
Implement Convex authentication and authorization patterns with OIDC providers or Convex Auth. Use for auth provider setup, ctx.auth usage, user identity handling, and auth-aware schema patterns. Use proactively when users mention auth, JWT, Clerk/Auth0/WorkOS, or Convex Auth. Examples: - user: "Add auth to Convex" → choose provider and outline setup - user: "Get current user" → use ctx.auth.getUserIdentity and checks - user: "Service-to-service access" → use shared secret pattern
IgorWarzocha
testing-security
security
46
security-fastapi
Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples: - user: "Audit FastAPI route security" → check for Depends() and Security() usage - user: "Check FastAPI CORS setup" → verify origins when allow_credentials=True - user: "Review FastAPI middleware" → check TrustedHost and HTTPSRedirect config - user: "Secure FastAPI API keys" → move from query params to header schemes - user: "Scan for FastAPI footguns" → check starlette integration and dependency order
IgorWarzocha
testing-security
security
46
security-django
Review Django security audit patterns for settings and middleware. Use for auditing SECRET_KEY, DEBUG, CSRF, and auth decorators. Use proactively when reviewing Django apps (settings.py or manage.py present). Examples: - user: "Audit my Django settings.py" → check SECRET_KEY, DEBUG, and ALLOWED_HOSTS - user: "Check Django views for auth" → verify @login_required and permission classes - user: "Review Django CSRF config" → check middleware and @csrf_exempt usage - user: "Scan for SQL injection in Django" → find raw SQL usage instead of ORM - user: "Audit Django REST framework config" → check default permissions and auth
IgorWarzocha
testing-security
security
44
ln-773-cors-configurator
Configures CORS policy for development and production
levnikolaevich
testing-security