
Testing & Security

QA, penetration testing, and code quality.

9326 skills
code-quality
90

creating-claude-rules

Use when creating or fixing .claude/rules/ files - provides correct paths frontmatter (not globs), glob patterns, and avoids Cursor-specific fields like alwaysApply

aiskillstore
aiskillstore
testing-security
open
code-quality
90

line-limit

Enforce file line count limits (200 recommended, 300 max) for CODE IMPLEMENTATION files only. Use this when reviewing code, creating files, or when files exceed line limits and need modularization.

aiskillstore
aiskillstore
testing-security
open
code-quality
90

documentation-audit

This skill should be used when verifying documentation claims against codebase reality. Triggers on "audit docs", "verify documentation", "check docs", "docs accurate", "documentation drift", "before release", "after refactor", "docs don't match". Uses two-pass extraction with pattern expansion for comprehensive detection.

aiskillstore
aiskillstore
testing-security
open
code-quality
90

dead-code-detector

Identify unused code, imports, variables, and functions for safe removal.

aiskillstore
aiskillstore
testing-security
open
code-quality
90

code-conventions

Guide for code conventions and formatting

aiskillstore
aiskillstore
testing-security
open
code-quality
90

html-structure-validate

Validate HTML5 structure and basic syntax. BLOCKING quality gate - stops pipeline if validation fails. Ensures deterministic output quality.

aiskillstore
aiskillstore
testing-security
open
code-quality
90

configuration-validator

Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.

aiskillstore
aiskillstore
testing-security
open
security
90

global-validation

Implement comprehensive server-side validation with allowlists, type checking, input sanitization, and consistent error messages, while using client-side validation for user experience. Use this skill when validating user input, form data, API requests, implementing security checks, preventing injection attacks, checking data types/formats/ranges, or providing validation feedback. Apply when working with form validation, API endpoint validation, input sanitization, business rule enforcement, or any code that accepts and validates external data to ensure security, data integrity, and proper user feedback across all entry points.

aiskillstore
aiskillstore
testing-security
open
security
90

api-spectral

API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.

aiskillstore
aiskillstore
testing-security
open
security
90

epistemic-checkpoint

Force verification before answering questions involving versions, dates, status, or "current" state. Prevents hallucinations at the REASONING level by checking assertions.yaml and WebSearch before forming beliefs. Triggers on software versions, release status, dates, and package versions.

aiskillstore
aiskillstore
testing-security
open
security
90

dast-zap

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

aiskillstore
aiskillstore
testing-security
open
security
90

security-audit

Security review or audit of code, architecture, or infrastructure - Threat modeling sessions - Reviewing PRs for security implications

aiskillstore
aiskillstore
testing-security
open
security
90

1password-credential-lookup

This skill should be used when agents need to log into websites, retrieve passwords, or access credentials. CRITICAL - always use find_credential with the website URL, never guess item names.

aiskillstore
aiskillstore
testing-security
open
security
90

auth-integration

Use when implementing authentication - login/signup forms, session management, protected routes, or role-based access control. NOT when non-auth UI, plain data fetching, or unrelated backend logic. Triggers: "login page", "signup form", "auth setup", "protected route", "role-based access", "Better Auth", "NextAuth".

aiskillstore
aiskillstore
testing-security
open
security
90

security-engineering

Security architecture and implementation patterns. Use when designing security controls, implementing authentication/authorization, conducting threat modeling, or ensuring compliance with security frameworks.

aiskillstore
aiskillstore
testing-security
open
security
90

security-checklist

Use this skill when implementing security measures or conducting security audits. Provides OWASP Top 10 mitigations, authentication patterns, input validation strategies, and compliance guidelines. Ensures applications are secure against common vulnerabilities.

aiskillstore
aiskillstore
testing-security
open
security
90

vibe-security

Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more. Actions: scan, analyze, fix, audit, check, review, secure, validate, sanitize, protect. Languages: JavaScript, TypeScript, Python, PHP, Java, Go, Ruby. Frameworks: Express, Django, Flask, Laravel, Spring, Rails. Vulnerabilities: SQL injection, XSS, CSRF, authentication bypass, authorization issues, command injection, path traversal, insecure deserialization, weak crypto, sensitive data exposure. Topics: input validation, output encoding, parameterized queries, password hashing, session management, CORS, CSP, security headers, rate limiting, dependency scanning.

aiskillstore
aiskillstore
testing-security
open
security
90

api-mitmproxy

Interactive HTTPS proxy for API security testing with traffic interception, modification, and replay capabilities. Supports HTTP/1, HTTP/2, HTTP/3, WebSockets, and TLS-protected protocols. Includes Python scripting API for automation and multiple interfaces (console, web, CLI). Use when: (1) Intercepting and analyzing API traffic for security testing, (2) Modifying HTTP/HTTPS requests and responses to test API behavior, (3) Recording and replaying API traffic for testing, (4) Debugging mobile app or thick client API communications, (5) Automating API security tests with Python scripts, (6) Exporting traffic in HAR format for analysis.

aiskillstore
aiskillstore
testing-security
open
security
90

firebase-development-validate

This skill should be used when reviewing Firebase code against security model and best practices. Triggers on "review firebase", "check firebase", "validate", "audit firebase", "security review", "look at firebase code". Validates configuration, rules, architecture, and security.

aiskillstore
aiskillstore
testing-security
open
security
90

aws-sso-login

Authenticate to AWS using Single Sign-On (SSO). Use when AWS CLI operations require SSO authentication or when SSO session has expired.

aiskillstore
aiskillstore
testing-security
open
security
90

security-analyzer

Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), and detects secrets exposure. Fetches live CVE data from OSV.dev, calculates risk scores, and generates phased remediation plans with TDD validation tests. Use when users mention security scan, vulnerability, CVE, exploit, security audit, penetration test, OWASP, hardening, dependency audit, container security, or want to improve security posture.

aiskillstore
aiskillstore
testing-security
open
security
90

security-guardian

Application security expert for detecting vulnerabilities, auditing code, and guiding security best practices. OWASP Top 10, authentication, authorization, cryptography, secrets management. Use for security audits, reviews of sensitive code, design of secure features, or resolving vulnerabilities.

aiskillstore
aiskillstore
testing-security
open
security
90

security-sentinel

Use when working with authentication, API routes, user input, or sensitive data. Audits code for security vulnerabilities based on OWASP Top 10. Critical for payment processing, auth systems, and data handling.

aiskillstore
aiskillstore
testing-security
open
security
90

sast-bandit

Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.

aiskillstore
aiskillstore
testing-security
open