Security

Encryption, auth, and vulnerability scanning.

2506 skills
security
5

security-checklist

Comprehensive security checklist covering OWASP Top 10, SQL injection, XSS, CSRF, authentication, authorization, secrets management, input validation, and security headers. Use when scanning for vulnerabilities, reviewing security, implementing authentication/authorization, or handling sensitive data.

webdevtodayjason
testing-security
security
5

session-init

Create protocol-compliant JSON session logs with verification-based enforcement. Autonomous operation with auto-incremented session numbers and objective derivation from git state. Use when starting any new session.

rjmurillo
testing-security
security
5

openssl

Generate secure random strings, passwords, and cryptographic tokens using OpenSSL. Use when creating passwords, API keys, secrets, or any secure random data.

clawdbot
testing-security
security
5

mcp-setup

Use when setting up MCP servers for the first time or verifying MCP configuration. Ensures token-efficient and context-graph MCP servers are properly installed and configured with API keys.

ingpoc
testing-security
security
5

code-security

Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like "check for SQL injection" or "review security".

semgrep
testing-security
security
5

security-essentials

Security best practices, OWASP compliance, authentication patterns, and vulnerability prevention

Primadetaautomation
testing-security
security
5

postgres-rls

MANDATORY when touching auth tables, tenant isolation, RLS policies, or multi-tenant database code - enforces Row Level Security best practices and catches common bypass vulnerabilities

troykelly
testing-security
security
5

arch-security-review

Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.

CongDon1207
testing-security
security
5

api-credentials-hygiene

Audits and hardens API credential handling (env vars, separation, rotation plan, least privilege, auditability). Use when integrating services or preparing production deployments where secrets must be managed safely.

clawdbot
testing-security
security
5

security-review

MANDATORY for security-sensitive code changes - OWASP-based security review with dedicated checklist, required before PR for auth, input handling, API, database, or credential code

troykelly
testing-security
security
5

pentest

Execute comprehensive penetration testing engagements following industry-standard methodologies including reconnaissance, vulnerability analysis, exploitation, privilege escalation, and professional reporting.

transilienceai
testing-security
security
4

permission-patterns

Rules for evaluating, classifying, and deduplicating AI tool permissions

JacobPEvans
testing-security
security
4

swagger-ui

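A skill that supports publishing and integrating OpenAPI documentation with Swagger UI. Organizes static HTML, React, Next.js, and server-embedded configurations to build a secure API Explorer. Anchors: • OpenAPI Specification / Applies to: API specification compatibility / Purpose: ensuring consistent definitions • Swagger UI Documentation / Applies to: UI configuration / Purpose: applying configuration options accurately • OWASP ASVS / Applies to: publication and authentication design / Purpose: verifying security requirements Trigger: Use when embedding or publishing Swagger UI, configuring OpenAPI docs, or securing API explorer access. swagger ui, openapi docs, api explorer, swagger config, authentication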

daishiman
testing-security
security
4

rate-limiting

API rate limiting and quota management implementation. Use when implementing request throttling, API quotas, backpressure handling, or protection against abuse. Keywords: rate limiting, throttling, token bucket, sliding window, leaky bucket, quota, Redis, backpressure, API limits, DDoS protection.

cosmix
testing-security
security
4

secrets-management-gha

Enables secure secrets management in GitHub Actions workflows. Comprehensively covers choosing among the four secret types (repository, environment, organization, Dependabot), cloud authentication via OIDC, rotation, and auditing. Anchors: • Web Application Security (Andrew Hoffman) / Applies to: threat modeling and secure design / Purpose: foundation for the secrets management strategy • GitHub Actions Secrets API / Applies to: secret configuration and access control / Purpose: using each type correctly • OpenID Connect (OIDC) Specification / Applies to: cloud provider authentication / Purpose: eliminating long-lived credentials Trigger: Use when configuring GitHub Actions secrets, implementing cloud OIDC authentication, rotating secrets, or auditing secret access patterns. GitHub secrets, OIDC, secret rotation, environment secrets, organization secrets, cloud authentication

daishiman
testing-security
security
4

cryptographic-practices

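A skill for safely implementing encryption, hashing, CSPRNGs, and key management. Provides an end-to-end flow from requirements gathering through design, implementation, and auditing. Anchors: • Applied Cryptography / Applies to: algorithm selection and strength assessment / Purpose: establishing a standards-compliant foundation • Web Application Security / Applies to: threat modeling / Purpose: clarifying implementation risks • NIST SP 800-57 / Applies to: key management / Purpose: lifecycle design Trigger: Use when implementing cryptographic functions, selecting algorithms, generating secure random values, managing encryption keys, or auditing crypto implementations. cryptographic practices, crypto implementation, key management, csprng, algorithm selection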

daishiman
testing-security
security
4

auditing-context

Auto-load active audit context when working with audited code. Use when user is working on code that has an active audit session, discussing audit findings, or making changes related to a runtime audit. Silently loads audit session data to inform responses.

schuettc
testing-security
security
4

auth

Authentication patterns - sign-in, SSO, passkeys, sessions. Use when implementing auth flows.

SylphxAI
testing-security
security
4

agentuity-cli-auth-org-select

Set the default organization for all commands. Requires authentication. Use for managing authentication credentials

agentuity
testing-security
security
4

code-static-analysis-security

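A skill that organizes security vulnerability detection through static analysis and supports SAST operations and detection rule design. Covers detection of and remediation approaches for SQL injection, XSS, command injection, and similar issues. Anchors: • Web Application Security (Andrew Hoffman) / Applies to: threat analysis and detection perspectives / Purpose: improving vulnerability detection accuracy • OWASP ASVS / Applies to: organizing detection criteria / Purpose: documenting security requirements explicitly • Secure by Design (OWASP) / Applies to: remediation approach / Purpose: sound secure-design decisions Trigger: Use when running SAST, defining detection rules, auditing injection vulnerabilities, or documenting static analysis findings. static analysis, SAST, SQL injection, XSS, command injection, security review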

daishiman
testing-security
security
4

account-security

Account security - MFA, sessions, recovery. Use when protecting user accounts.

SylphxAI
testing-security