skills.homes logoskills.homescapability registry
home/categories/security
category focus

Security

Encryption, auth, and vulnerability scanning.

2506 स्किल्सall categories
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
3.9K

ciso-assistant-bootstrap

Bootstrap CISO Assistant for new users by guiding them through initial setup. Use when: (1) User wants to set up CISO Assistant from scratch (2) User mentions "bootstrap", "initial setup", "getting started", or "onboarding" with CISO Assistant (3) User needs help creating their organizational structure, loading frameworks, or configuring risk assessments Covers: domains/folders, perimeters, industry-based framework selection, assets, risk assessment type (qualitative vs quantitative), third-party entities and solutions, and compliance vs risk focus.

intuitem
intuitem
testing-security
open
security
3.9K

sqlmap-database-penetration-testing

This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.

zebbern
zebbern
testing-security
open
security
3.9K

cloud-penetration-testing

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.

zebbern
zebbern
testing-security
open
security
3.9K

aws-penetration-testing

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

zebbern
zebbern
testing-security
open
security
3.9K

top-100-web-vulnerabilities-reference

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.

zebbern
zebbern
testing-security
open
security
3.9K

broken-authentication-testing

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

zebbern
zebbern
testing-security
open
security
3.9K

api-fuzzing-for-bug-bounty

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.

zebbern
zebbern
testing-security
open
security
3.9K

active-directory-attacks

This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.

zebbern
zebbern
testing-security
open
security
3.9K

smtp-penetration-testing

This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.

zebbern
zebbern
testing-security
open
security
3.9K

security-scanning-tools

This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.

zebbern
zebbern
testing-security
open
security
3.9K

ssh-penetration-testing

This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.

zebbern
zebbern
testing-security
open
security
3.7K

openclaw-vsr-bridge

Install vLLM Semantic Router in agent-safe mode, import supported OpenClaw model providers into canonical VSR config, and rewrite OpenClaw to target VSR.

vllm-project
vllm-project
testing-security
open
security
3.7K

harness-contract-change

Modifies the repository's agent contract including AGENTS.md, docs index, manifests, validation scripts, and contributor-facing harness wrappers. Use when updating agent documentation, changing repo manifests, editing validation scripts, modifying CI/workflow classification, or updating contributor-facing guides like README.md, CONTRIBUTING.md, or the PR template.

vllm-project
vllm-project
testing-security
open
security
3.7K

security

Security audit workflow - vulnerability scan → verification

parcadei
parcadei
testing-security
open
security
3.4K

owasp-asi

OWASP Top 10 for Agentic Applications 2026 (ASI) classification framework. Use for mapping security findings to standardized risk categories.

Tencent
Tencent
testing-security
open
security
3.4K

edgeone-clawscan

The first security skill to install after setting up OpenClaw — powered by Tencent Zhuque Lab. Works like an antivirus for your AI environment: audits installed skills, scans skills before installation, and performs a full OpenClaw security health check to prevent data leaks and privacy risks. Backed by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). Use when the user asks to start a security health check or security scan for the current OpenClaw environment, such as `开始安全体检`, `做一次安全体检`, `开始安全扫描`, `全面安全检查`, or `检查 OpenClaw 安全`; also use when the user asks to audit a specific skill before installation, review installed skills for supply chain risk, or investigate whether a skill is safe. Do not trigger for general OpenClaw usage, project debugging, environment setup, or normal development requests. Optional cloud mode: set AIG_CLOUD_LOOKUP=off for zero outbound HTTPS; when enabled, only skill_name, source label, and OpenClaw version are sent to A.I.G (never skill bodies, chats, or workspace files).

Tencent
Tencent
testing-security
open
security
3.4K

edgeone-skill-scanner

Scan any agent skill for security risks before you install or use it. Powered by Tencent Zhuque Lab A.I.G (AI-Infra-Guard). 100% local static analysis — no file contents or credentials leave your device. Compatible with CodeBuddy, Cursor, Windsurf, Claude Code, OpenClaw and more. Triggers on: `这个 skill 安全吗`, `skill 安全扫描`, `检查 skill 安全`, `audit skill`, `scan skill`, `check skill safety`, `analyze skill`, `inspect skill`, `verify skill`, `skill security`, `skill supply chain`. Do NOT trigger for general agent usage, full system health checks, project debugging, or normal development.

Tencent
Tencent
testing-security
open
security
3.4K

auth-and-authorization-patterns

Use this skill when implementing authentication (login, token issuance) or authorization (access control, permissions). Apply whenever the task involves login flows, JWT, OAuth2, session management, or RBAC.

aiming-lab
aiming-lab
testing-security
open
security
3.4K

input-validation-and-sanitization

Use this skill when implementing any endpoint, form handler, CLI tool, or function that accepts external input. Validate and sanitize all untrusted data before processing — never assume input is safe.

aiming-lab
aiming-lab
testing-security
open
security
3.4K

secrets-management

Use this skill when handling API keys, passwords, tokens, private keys, or any sensitive credential. Never hardcode secrets in source code — apply this whenever the word "key", "token", "password", or "secret" appears in the task.

aiming-lab
aiming-lab
testing-security
open
security
3.4K

secure-code-review

Use this skill when reviewing or writing code that handles user input, authentication, file I/O, network requests, or database queries. Always check for common security vulnerabilities before considering the code complete.

aiming-lab
aiming-lab
testing-security
open
Previous
Page 28 / 105
Next