skills.homes logoskills.homescapability registry
home/categories/security
category focus

Security

Encryption, auth, and vulnerability scanning.

2506 스킬all categories
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
411

security

OWASP security patterns, secrets management, security testing

alinaqi
alinaqi
testing-security
open
security
411

credentials

Centralized API key management from Access.txt

alinaqi
alinaqi
testing-security
open
security
305

http-mcp-headers

HTTP MCP Header Secret Support - Implementation Summary

githubnext
githubnext
testing-security
open
security
303

security-auditing

Comprehensive security vulnerability assessment and configuration review. Use when analyzing code for security flaws, reviewing dependencies for CVEs, auditing access controls, detecting secrets exposure, or validating compliance with security frameworks.

khaneliman
khaneliman
testing-security
open
security
300

ssrf

服务端请求伪造漏洞检测与利用。当目标存在 URL 参数、远程文件加载、Webhook、PDF 生成、URL 预览功能时使用。

yhy0
yhy0
testing-security
open
security
300

auth-bypass

认证绕过漏洞检测与利用。当目标存在登录功能、权限控制、JWT/Session 认证时使用。包括 IDOR、越权访问等。

yhy0
yhy0
testing-security
open
security
240

openssl-selfsigned-cert

This skill provides guidance for generating self-signed SSL/TLS certificates using OpenSSL. Use this skill when tasks involve creating private keys, self-signed certificates, certificate signing requests (CSRs), or combined PEM files. It covers verification strategies and common pitfalls in certificate generation workflows.

benchflow-ai
benchflow-ai
testing-security
open
security
240

ssl-certs

Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.

benchflow-ai
benchflow-ai
testing-security
open
security
240

openssl

Expert guidance for OpenSSL operations including certificate generation, key management, CSR creation, certificate verification, encryption, and PKI operations. Use this when working with SSL/TLS certificates, cryptographic keys, or PKI infrastructure.

benchflow-ai
benchflow-ai
testing-security
open
security
240

local-ssl

Enable HTTPS for local development with trusted SSL certificates. Use when developers need to test SSL/TLS features, work with third-party APIs requiring HTTPS, or simulate production environments. Supports mkcert, OpenSSL, and automatic certificate trust configuration for macOS, Linux, and Windows.

benchflow-ai
benchflow-ai
testing-security
open
security
234

agentic-security-threat-modeling

Identify agentic AI security threats based on OWASP Top 10 for Agentic Applications 2026. Use when analyzing AI agents, LLM-powered applications, chatbots, auto-reply systems, tool-using AI, browser automation, sandbox execution, or any application that uses AI/LLM APIs (Anthropic, OpenAI, Claude, GPT) to process user input and take actions.

anshumanbh
anshumanbh
testing-security
open
security
234

authorization-testing

Validate authorization failures including IDOR, privilege escalation, and missing access controls. Test by attempting unauthorized access with lower-privileged credentials. Use when testing CWE-639 (IDOR), CWE-269 (Privilege Escalation), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-284 (Access Control), CWE-285 (Improper Authorization), or CWE-425 (Direct Request/Forced Browsing) findings.

anshumanbh
anshumanbh
testing-security
open
security
234

injection-testing

Validate injection vulnerabilities including SQL, NoSQL, OS Command, LDAP, XPath, SSTI, and XSS. Test by sending crafted payloads to user-controlled input fields and observing application behavior. Use when testing CWE-89 (SQL Injection), CWE-78 (OS Command Injection), CWE-79 (XSS), CWE-90 (LDAP Injection), CWE-917 (Expression Language Injection), CWE-94 (Code Injection), CWE-643 (XPath Injection), or related injection findings.

anshumanbh
anshumanbh
testing-security
open
security
178

gsd-plan-checker

Validates plans before execution to catch issues early

toonight
toonight
testing-security
open
security
166

azure-auth

Microsoft Entra ID (Azure AD) authentication for React SPAs with MSAL.js and Cloudflare Workers JWT validation using jose library. Full-stack pattern with Authorization Code Flow + PKCE. Use when: implementing Microsoft SSO, troubleshooting AADSTS50058 loops, AADSTS700084 refresh token errors, React Router redirects, or validating Entra ID tokens in Workers.

jezweb
jezweb
testing-security
open
security
166

oauth-integrations

Implement OAuth 2.0 authentication with GitHub and Microsoft Entra (Azure AD) in Cloudflare Workers and other edge environments. Covers provider-specific quirks, required headers, scope requirements, and token handling without MSAL. Use when: implementing GitHub OAuth, Microsoft/Azure AD authentication, handling OAuth callbacks, or troubleshooting 403 errors in OAuth flows.

jezweb
jezweb
testing-security
open
security
166

mcp-oauth-cloudflare

Add OAuth authentication to MCP servers on Cloudflare Workers. Uses @cloudflare/workers-oauth-provider with Google OAuth for Claude.ai-compatible authentication. Use when building MCP servers that need user authentication, implementing Dynamic Client Registration (DCR) for Claude.ai, or replacing static auth tokens with OAuth flows. Prevents CSRF vulnerabilities, state validation errors, and OAuth misconfiguration.

jezweb
jezweb
testing-security
open
security
165

convex-security-check

Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling

waynesutton
waynesutton
testing-security
open
security
160

coding-conventions

Apply consistent security, performance, and accessibility standards across all recommendations. Use when reviewing code, designing features, or validating implementations. Cross-cutting skill for all agents.

rsmdt
rsmdt
testing-security
open
security
160

security-assessment

Vulnerability review, OWASP patterns, secure coding practices, and threat modeling approaches. Use when reviewing code security, designing secure systems, performing threat analysis, or validating security implementations.

rsmdt
rsmdt
testing-security
open
security
154

security-patterns

Security vulnerability detection patterns including OWASP Top 10, language-specific vulnerabilities, and remediation guidance. Load when reviewing code for security issues, conducting audits, or implementing authentication/authorization.

groupzer0
groupzer0
testing-security
open
security
134

security

Protect your SaaS app from common vulnerabilities. Use when building auth, handling user data, or deploying features. Covers authentication, data protection, API security, and OWASP Top 10 for non-technical founders using AI tools.

whawkinsiv
whawkinsiv
testing-security
open
security
124

security-testing

Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices.

proffesor-for-testing
proffesor-for-testing
testing-security
open
Previous
Page 53 / 105
Next