moai-security-ssrf
Enterprise SSRF protection with URL validation and network segmentation
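The URL-validation half of that protection is where most SSRF filters go wrong: they match strings in the hostname instead of checking where the name actually resolves, forget IPv6 and IPv4-mapped forms, and re-resolve the name at connect time so a DNS-rebinding answer slips through. The following is an added example, not code from the moai-security-ssrf skill or any project it references. It assumes a fetch component that only needs http/https on ports 80 and 443; the `FAKE_DNS` table and `fake_resolver` are constructed so the example runs offline, and `system_resolver` is what you would use in production.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Ranges the fetcher must never reach. The ipaddress flags below cover most of
# them; the explicit list makes the policy reviewable and adds carrier-grade
# NAT and benchmarking space, which is_private does not flag.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def system_resolver(host):
    """Resolve via the OS; return every A/AAAA answer so all of them get checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table so the example runs offline; these are not real records.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "internal-alias.example.com": ["10.0.0.5"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # mixed public/private answers
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN {host}")
    return FAKE_DNS[host]


def _is_blocked(addr):
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    if (addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_unspecified or addr.is_reserved or addr.is_private):
        return True
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_outbound_url(url, resolver=system_resolver):
    """Return (ok, reason, pinned_ip).

    The caller must connect to pinned_ip while sending the original Host/SNI,
    rather than resolving the name again; otherwise a DNS-rebinding attacker can
    change the answer between this check and the connect.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL", None
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port", None
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", None
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP, including bracketed IPv6
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):  # socket.gaierror is an OSError
            return False, "name resolution failed", None
    if not addrs:
        return False, "no addresses", None
    for addr in addrs:  # every answer must be public, not just the first one
        if _is_blocked(addr):
            return False, f"{addr} is not publicly routable", None
    return True, "ok", str(addrs[0])
```

Two caveats the validator cannot enforce by itself: the HTTP client must not follow redirects automatically (re-run the check on each Location), and decimal or octal host spellings such as `2130706433` are deliberately left to the resolver, because whatever they resolve to is checked after resolution rather than by string matching. Network segmentation remains the backstop for anything the validator misses.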
Conducts comprehensive security code reviews including vulnerability detection (OWASP Top 10, CWE), authentication/authorization flaws, injection attacks, cryptography issues, sensitive data exposure, API security, dependency vulnerabilities, security misconfigurations, and compliance validation (PCI-DSS, GDPR, HIPAA). Produces detailed security assessment reports with CVE references, CVSS scores, exploit scenarios, and remediation guidance. Use when reviewing code security, performing security audits, checking for vulnerabilities, validating security controls, assessing security risks, or when users mention "security review", "vulnerability scan", "security audit", "penetration test", "OWASP", "security assessment", "secure coding", or "security compliance".
[Malicious example] A skill that demonstrates a data exfiltration attack: it steals AWS credentials, GitHub tokens, SSH private keys and other sensitive information. For security testing demonstrations only.
African KYC/AML verification system supporting NIN, BVN, NIMC, passport validation for Nigeria, Cameroon, CEMAC region with real-time compliance scoring
Security pattern for full-disk or database-level encryption at rest. Use when implementing Transparent Data Encryption (TDE) or full-disk encryption, or when the storage infrastructure should handle encryption without application changes. Addresses the "Leak data at rest" problem.
Identity management and authentication systems. Activate when: (1) Configuring Keycloak realms/clients, (2) Writing OPA policies, (3) Managing Vault secrets, (4) Implementing OIDC/OAuth2 flows, or (5) Setting up RBAC/ABAC authorization.
Implements standard Supabase authentication flows including signup, login, password reset, OAuth providers, email verification, and session management with complete security best practices
Audits the specification creation plan (Common Definitions & Draft Issues) before execution. Strictly enforces Technical Designer values and ensures zero regressions by validating against loaded SSOT context via active-reconnaissance and ssot-verification.
Skill for integrating Better Auth - the comprehensive TypeScript authentication framework.
security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: user requests involve security auditor tasks.
Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
Security pattern combining session authentication with authorization. Use when implementing web application security requiring both user authentication via session IDs and authorization checks for resource access. Combines Opaque token-based authentication with Authorisation pattern.
Secret detection expert. Use to create detection rules for API keys, tokens and credentials in code.
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
Atomic Validation Protocol: Unified validator for Chroma Check and Librarian Audit.
Review test cases for Token Endpoint. Covers grant_type=authorization_code, client authentication (client_secret_basic, client_secret_post), token request/response validation, and all requirements per OIDC Core 1.0 Section 3.1.3 and OAuth 2.1.
Clarify requirements before implementing. Do not use automatically, only when invoked explicitly.
Audit JWT implementation for algorithm confusion, secret weakness, claim validation issues, and token handling vulnerabilities. Use when reviewing authentication systems using JWT.
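The three findings that audit produces most often are a verifier that lets the token header pick the algorithm (so `alg: none` or a key-confusion token passes), an HMAC secret short enough to recover offline, and missing `exp`/`aud` checks. The following is an added example, not code from the JWT audit skill or from any library; it implements HS256 by hand with the standard library so the vulnerable and hardened verifiers can be run side by side. The secret `b"secret123"`, the `orders-api` audience and the wordlist are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj):
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload, secret):
    """What a legitimate issuer does: HS256 over header.payload."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def forge_alg_none(payload):
    """Attacker side: an unsigned token whose header claims alg=none."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(payload)}."


def verify_vulnerable(token, secret):
    """Anti-pattern: the header chooses the algorithm and no claims are checked."""
    h, p, s = token.split(".")
    header = json.loads(_unb64url(h))
    if header.get("alg") == "none":
        return json.loads(_unb64url(p))  # unsigned token accepted as-is
    if header.get("alg") == "HS256":
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if _unb64url(s) == expected:  # plain == is also not constant-time
            return json.loads(_unb64url(p))
    raise ValueError("bad signature")


def verify_hardened(token, secret, audience, now=None):
    """Pin the algorithm server-side, compare in constant time, validate claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_unb64url(h))
    if header.get("alg") != "HS256":  # the expected algorithm is a server setting
        raise ValueError("algorithm not allowed")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64url(s), expected):
        raise ValueError("bad signature")
    payload = json.loads(_unb64url(p))
    now = time.time() if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or exp missing")
    if payload.get("aud") != audience:
        raise ValueError("audience mismatch")
    return payload


def crack_hs256(token, wordlist):
    """Audit check: can the HMAC secret be recovered from one captured token?"""
    h, p, s = token.split(".")
    sig = _unb64url(s)
    for candidate in wordlist:
        guess = hmac.new(candidate.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(guess, sig):
            return candidate
    return None


if __name__ == "__main__":
    now = int(time.time())
    secret = b"secret123"  # constructed, deliberately weak
    forged = forge_alg_none({"sub": "admin", "aud": "orders-api", "exp": now + 3600})
    print("vulnerable verifier accepted alg=none as:", verify_vulnerable(forged, secret)["sub"])
    try:
        verify_hardened(forged, secret, "orders-api")
    except ValueError as err:
        print("hardened verifier rejected alg=none:", err)
    good = sign_hs256({"sub": "alice", "aud": "orders-api", "exp": now + 3600}, secret)
    print("recovered secret:", crack_hs256(good, ["password", "changeme", "secret123"]))
```

The same pinning rule defeats RS256-to-HS256 key confusion: if the server expects RS256, `verify_hardened` would hard-code that and never enter an HMAC branch, so a token signed with HS256 over the public key bytes is rejected before any key is touched. For the secret-weakness check, a real audit runs `crack_hs256` with a large wordlist; any hit, or a secret shorter than the 256 bits HS256 expects, is a finding.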
This skill should be used when the user asks to "add permissions to a policy", "create a policy with roles", "set up role permissions", "configure rolePermissions", "use BasePolicy", or when working with Laravel policies that need role-based permission management. Also activate when creating or modifying policies in a project using philsquare/permissions.