
Security

Encryption, auth, and vulnerability scanning.

2506 skills
security
32

security-audit

Security best practices including CSP, XSS prevention, input validation, and secrets management. Use when reviewing security or hardening applications.

lovedragonball
testing-security
open
security
31

oauth2-authentication

Comprehensive OAuth2 authentication skill covering authorization flows, token management, PKCE, OpenID Connect, and security best practices for modern authentication systems

manutej
testing-security
open
security
31

fix-code-vulnerability

Guidance for identifying and fixing security vulnerabilities in code. This skill should be used when tasks involve fixing CWE-classified vulnerabilities, addressing security flaws, patching injection vulnerabilities, or responding to security-related test failures.

letta-ai
testing-security
open
security
31

openssl-selfsigned-cert

Guides the creation of self-signed SSL/TLS certificates using OpenSSL, including key generation, certificate creation, combined PEM files, and verification scripts. This skill should be used when tasks involve generating self-signed certificates, creating SSL certificate infrastructure, or writing certificate verification scripts.

letta-ai
testing-security
open
security
31

fix-code-vulnerability

Guidance for identifying and fixing security vulnerabilities in code. This skill should be used when asked to fix security issues, address CVEs or CWEs, remediate vulnerabilities like injection attacks (SQL, command, CRLF, XSS), or when working with failing security-related tests.

letta-ai
testing-security
open
security
31

openssl-selfsigned-cert

This skill provides guidance for generating self-signed SSL/TLS certificates using OpenSSL. Use this skill when tasks involve creating private keys, self-signed certificates, certificate signing requests (CSRs), or combined PEM files. It covers verification strategies and common pitfalls in certificate generation workflows.

letta-ai
testing-security
open
security
29

enforce-business-rules

Validates code against the project's critical business logic (Multi-tenancy, RBAC, IDOR, SaaS Limits).

iurygdeoliveira
testing-security
open
security
27

security-audit-and-vulnerability-scanning

Comprehensive security audit workflow including dependency scanning, unsafe code detection, and secret management. Use when scanning for vulnerabilities or before production deployment.

ShunsukeHayashi
testing-security
open
security
27

security-compliance

Implement security scanning, vulnerability detection, and compliance checks. Use when working with security audits, dependency vulnerabilities, secret detection, CodeQL scanning, SAST/DAST tools, or security best practices. Handles threat modeling and security hardening.

RicherTunes
testing-security
open
security
27

security-patterns

A 3-phase orchestrator skill that checks compliance with brainbase's security patterns (XSS Prevention, CSRF Protection, Input Validation), detects vulnerabilities, and proposes fixes.

Unson-LLC
testing-security
open
security
26

rate-limiting

API rate limiting with token bucket, sliding window, and Redis distributed patterns. Use when implementing rate limits, throttling requests, handling 429 Too Many Requests, protecting against API abuse, or configuring SlowAPI with Redis.

yonatangross
testing-security
open
security
26

auth-patterns

Authentication and authorization patterns. Use when implementing login flows, JWT tokens, session management, password security, OAuth 2.1, Passkeys/WebAuthn, or role-based access control.

yonatangross
testing-security
open
security
26

input-validation

Input validation and sanitization patterns. Use when validating user input, preventing injection attacks, implementing allowlists, or sanitizing HTML/SQL/command inputs.

yonatangross
testing-security
open
security
26

api-authentication

API authentication patterns including JWT, OAuth 2.0, API keys, and session-based auth. Covers token generation, validation, refresh strategies, security best practices, and when to use each pattern. Use when implementing API authentication, choosing auth strategy, securing endpoints, or debugging auth issues. Prevents common vulnerabilities like token theft, replay attacks, and insecure storage.

applied-artificial-intelligence
testing-security
open
security
26

owasp-top-10

OWASP Top 10 security vulnerabilities and mitigations. Use when conducting security audits, implementing security controls, or reviewing code for common vulnerabilities.

yonatangross
testing-security
open
security
26

error-handling-rfc9457

RFC 9457 Problem Details for standardized HTTP API error responses. Use when implementing problem details format, structured API errors, error registries, or migrating from RFC 7807.

yonatangross
testing-security
open
security
25

mobile-auth

Better Auth integration with Expo/React Native. Use when working on mobile authentication, session management, or debugging auth issues in the mobile app. Triggers on "mobile auth", "expo auth", "better-auth expo", "session provider", "SecureStore", or when editing apps/frontend/mobile auth files.

Nikola-Milovic
testing-security
open
security
25

secrets-scanner

Scan codebase for secrets, API keys, credentials, and PII. Detect hardcoded sensitive data. Use when auditing for secrets, checking for exposed keys, reviewing security, or scanning for PII.

jamesjlundin
testing-security
open
security
24

penetration-tester

Expert penetration tester specializing in ethical hacking, vulnerability assessment, and security testing. Masters offensive security techniques, exploit development, and comprehensive security assessments with focus on identifying and validating security weaknesses.

zenobi-us
testing-security
open
security
24

software-security-appsec

Modern application security patterns aligned with OWASP Top 10 (2021) and OWASP Top 10:2025 Release Candidate, OWASP API Security Top 10 (2023), NIST SSDF, zero trust, supply chain security, authentication, authorization, input validation, and cryptography.

vasilyu1983
testing-security
open
security
23

permissions

Use when implementing authorization, access control, RBAC, role-based permissions, guards, policies, row-level security, guest access, or protecting API endpoints. Covers Guard system, roles, permissions, policies, and data filtering.

cameronapak
testing-security
open
security
23

security

Security Engineer and application security expert. Performs threat modeling, security architecture review, penetration testing, vulnerability assessment, and security compliance. Handles OWASP Top 10, authentication security, authorization, encryption, secrets management, HTTPS/TLS, CORS, CSRF, XSS, SQL injection prevention, secure coding practices, security audits, and compliance (GDPR, HIPAA, PCI-DSS, SOC 2). Activates for security, security review, threat model, vulnerability, penetration testing, pen test, OWASP, authentication security, authorization, encryption, secrets, HTTPS, TLS, SSL, CORS, CSRF, XSS, SQL injection, secure coding, security audit, compliance, GDPR, HIPAA, PCI-DSS, SOC 2, security architecture, secrets management, rate limiting, brute force protection, session security, token security, JWT security, is this secure, security check, review security, find vulnerabilities, security scan, security test, hack proof, prevent hacking, protect from attacks, DDoS protection, bot protection, WAF,

anton-abyzov
testing-security
open
security
23

security-scan

Scan code for OWASP vulnerabilities and security issues. Use for security-sensitive implementations.

vneseyoungster
testing-security
open
security
23

auth

Use when implementing authentication in Bknd, configuring auth strategies (password, OAuth, email OTP), managing sessions with JWT/cookies, creating users, and protecting endpoints. Covers auth module configuration, user management, and security best practices.

cameronapak
testing-security
open