🔒 Security Operations Skills

Browse skills in the Security Operations category.

Cloudflare Turnstile

from jezweb

A powerful skill for Claude agents.

[Security Operations]

Red Team Tactics

from sickn33

A powerful skill for Claude agents.

[Security Operations]

Firebase Apk Scanner

from trailofbits

A powerful skill for Claude agents.

[Security Operations]

Vulnerability Scanner

from sickn33

A powerful skill for Claude agents.

[Security Operations]

Burpsuite Project Parser

from trailofbits

A powerful skill for Claude agents.

[Security Operations]

Semgrep Rule Creator

from trailofbits

A powerful skill for Claude agents.

[Security Operations]

penetration-testing

from timsonner

Comprehensive penetration testing workflow using Kali Linux tools via MCP. Guides agents through reconnaissance, vulnerability assessment, exploitation, privilege escalation, and reporting. Use when conducting security assessments, CTF challenges, vulnerability testing, or red team exercises.

[Security Operations]

dependencies

from danielscholl-osdu

Multi-ecosystem dependency analysis tools. Provides structured data for vulnerability scanning and version checking. The AI applies intelligence to create rich reports - scripts are data providers only. Supports Maven projects (pom.xml), with Python and Node.js support planned.

[Security Operations]

security-scan

from benjaminshoemaker

Scan for security vulnerabilities in dependencies, code patterns, and secrets. Detects tech stack automatically and runs appropriate tools.

[Security Operations]

azure-osdu

from danielscholl-osdu

Queries OSDU users and entitlements via the OSDU Entitlements API. Use when listing OSDU users, checking roles (Viewer, Editor, Admin, Ops), resolving GUIDs to names, or troubleshooting OSDU access.

[Security Operations]

1password-secrets

from terraphim

Secure secret management with 1Password CLI: detect secrets, generate templates, inject secrets, and audit compliance.

[Security Operations]

vibe-auditor

from Rahat-ch

Security auditor for vibe-coded projects. Automatically triggered when working with security-sensitive files or detecting risky code patterns.

[Security Operations]

security-checker

from edri2or-commits

Validates that no secrets or sensitive data are being committed to the repository

[Security Operations]

security-auditor

from gregsuptown

Scan for OWASP Top 10 vulnerabilities and security best practices. Checks for SQL injection, XSS, authentication issues, sensitive data exposure, and other common security risks.

[Security Operations]

security-hardener

from ainexllc

Implement security headers, input validation, and CSRF protection. Use when hardening security, reviewing for vulnerabilities, or before releases.

[Security Operations]

security-hardening

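from stkhr

Supports secure code implementation compliant with the OWASP Top 10. Performs security hardening such as input validation, authentication and authorization, secure error handling, and SQL/XSS/CSRF countermeasures. Triggered by instructions such as "security check", "vulnerability scan", or "OWASP compliance".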

[Security Operations]

security-scanner

from eddiebe147

Scan code and infrastructure for security vulnerabilities and compliance issues

[Security Operations]

security

from tomas-u

Expert security architect providing comprehensive security guidance, architecture assessments, threat modeling, and compliance verification. Follows OWASP, NIS2, ISO 27001, NIST, and industry best practices. Use for security architecture design and review, threat modeling, security strategy, compliance assessment (OWASP, NIS2, GDPR, PCI DSS, SOC 2), infrastructure security, API security patterns, and incident response planning. For code-level security reviews, use the code-review skill.

[Security Operations]

security-github-review

from oopsyz

Security review workflow for GitHub repositories using the Security MCP (OWASP ASVS + NIST 800-53) as the primary reference and mapping layer. Use when asked to security review a repo, produce an OWASP/NIST-aligned checklist, map findings to ASVS/NIST controls, generate a prioritized vulnerability report, or create security requirements/acceptance criteria from repo code/config.

[Security Operations]

security-review

from aimskr

Security, security review, security inspection, vulnerabilities, security analysis - Use when reviewing code for security vulnerabilities, designing authentication/authorization, or ensuring secure architecture. Provides systematic security analysis based on OWASP guidelines.

[Security Operations]

security

from travisjneuman

Information security expertise for cybersecurity frameworks (NIST, ISO 27001), security architecture, incident response, vulnerability management, identity management, and cloud security. Use when designing security programs, responding to incidents, or assessing vulnerabilities.

[Security Operations]

trivy

from mauromedda

Security vulnerability scanner using Trivy for container images, filesystems, and IaC. Blocks CRITICAL and HIGH severity vulnerabilities before commit. Triggers on "trivy", "vulnerability scan", "security scan", "container scan", "image scan", "sbom", "cve", "dependency scan", "supply chain security", "docker scan", "scan image", "scan container", "check vulnerabilities", "security check", "license scan", "secret scan", "misconfig scan", "iac scan", "terraform scan", "kubernetes scan", "helm scan", "dockerfile scan", "package vulnerabilities", "npm audit", "pip audit", "go mod vulnerabilities", "scan dependencies", "security gate", "compliance scan", "aqua trivy". PROACTIVE: MUST invoke before committing code with new dependencies or container images.

[Security Operations]

auth-security

from majiayu000

OAuth 2.1 + JWT authentication security best practices. Use when implementing auth, API authorization, token management. Follows RFC 9700 (2025).

[Security Operations]

pact-security-patterns

from v4lheru

CROSS-CUTTING: Security patterns and best practices for ALL PACT phases. Provides OWASP Top 10 guidance, authentication/authorization patterns, input validation, secure coding practices, secrets management, and security testing checklists. Use when: implementing authentication, handling user input, storing secrets, designing authorization, reviewing code for vulnerabilities, planning security tests.

[Security Operations]

security-auditor

from Eigo-Mt-Fuji

security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: User requests involve security auditor tasks.

[Security Operations]

security-guidance

from v1truv1us

Comprehensive security best practices, vulnerability scanning, and security guidance for development workflows with automated security checks and compliance monitoring.

[Security Operations]

secure-code-guardian

from franroa

Security expert for writing secure code and preventing vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention. Keywords: security, authentication, authorization, OWASP, encryption, vulnerability.

[Security Operations]

sonarcloud-security-triage

from NASA-PDS

Apply triage decisions to SonarCloud security issues by reading a CSV with review decisions and updating issue/hotspot statuses via the SonarCloud API. Use when the user has reviewed security issues and wants to bulk-update SonarCloud with their triage decisions.

[Security Operations]

security-shield

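from monicajeon28

**SECURITY SHIELD**: Triggers automatically on requests involving 'security', 'authentication', 'login', 'password', 'JWT', 'token', 'encryption', 'vulnerability', 'SQL injection', 'XSS', or 'security check'. Applied automatically when working on .env/auth/**/guard/** files. Hardcoded secret detection (40+ patterns), OWASP Top 10 verification.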

[Security Operations]

1password

from HarleyCoops

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

[Security Operations]

security-auditor

from ref-docs

security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: User requests involve security auditor tasks.

[Security Operations]

do-platform-auth0

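from yejune

Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining (DPoP/mTLS), and compliance (FAPI, GDPR, HIPAA). Use when implementing Auth0 security features, configuring MFA, securing tokens, or meeting compliance requirements.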

[Security Operations]

security-audit

from a-jay85

Security vulnerability detection and remediation for XSS and SQL injection in IBL5 PHP code. Use when auditing security, fixing vulnerabilities, or reviewing code for security issues.

[Security Operations]

security-auditor

from sidetoolco

Review code for vulnerabilities, implement secure authentication, and ensure OWASP compliance. Handles JWT, OAuth2, CORS, CSP, and encryption. Use PROACTIVELY for security reviews, auth flows, or vulnerability fixes.

[Security Operations]

identity-hub

from gravito-framework

Expert in Identity and Access Management (IAM). Trigger this when implementing Login, Auth, RBAC, or Multi-tenancy logic.

[Security Operations]

neon-db-security-check

from AppleLamps

Review Neon (Postgres) project security posture using project details like roles/users, connection strings, branches, IP allowlists, integrations, and schema info. Use when asked to identify misconfigurations, rate severity, and produce a prioritized hardening checklist with exact SQL and Neon settings remediation steps.

[Security Operations]

fortify-security

from gravito-framework

Expert in Gravito security and authentication. Trigger this when setting up Auth, configuring CSP, or implementing security middleware.

[Security Operations]

rbac-validator

from markus41

Validates role-based access control (RBAC) implementation for four-tier permissions in the NABIP AMS (Member, Chapter Admin, State Admin, National Admin). Use when implementing permission checks, RLS policies, UI access controls, or audit logging for multi-tenant association management.

[Security Operations]

sovereign

from matt-fell-ai

Performs privacy audits and data sovereignty checks. USE WHEN you want to ensure your private data is not being leaked to external providers.

[Security Operations]

system-architect

from liauw-media

Use when performing security audits or system hardening. Teaches security assessment principles and prioritization.

[Security Operations]

sonarcloud-security-audit

from NASA-PDS

Audit SonarCloud security issues (vulnerabilities and hotspots) for NASA PDS repositories and export to CSV for triage. Use when the user requests SonarCloud security scans, vulnerability reports, or security audits for PDS projects.

[Security Operations]

security

from PROLE-ISLAND

Security audit skill. Runs OWASP Top 10 checks, dependency vulnerability checks, and sensitive information detection.

[Security Operations]

security

from veerababumanyam

Security and data protection guidelines for RawDrive. Use when implementing authentication, handling user data, validating inputs, or reviewing security-sensitive code.

[Security Operations]

nextjs-security

from Ai-Whisperers

Next.js 15 security patterns for veterinary platforms including Server Action hardening, CSRF protection, rate limiting, RLS policy generation, and auth middleware. Use when building or auditing security features.

[Security Operations]

security-management

from DataKnifeAI

Manage security policies and access controls for Protect surveillance. Monitor access to recordings and system settings to ensure only authorized personnel have appropriate access.

[Security Operations]

senhasegura-skill

from julianobarbosa

Comprehensive senhasegura PAM platform skill for secrets management, credential vaulting, SSH key rotation, and DevOps secrets integration. Use when working with senhasegura A2A APIs, DSM CLI, MySafe, credential management, password rotation, External Secrets Operator integration, or any senhasegura PAM operations.

[Security Operations]

security-audit

from cpa03

Procedure for analyzing code or dependencies for vulnerabilities

[Security Operations]

security-auditor

from Spectaculous-Code

Comprehensive Supabase security auditor for RLS policies, table privileges (GRANTs), and access control validation.
Use when:
- Auditing database security (RLS + GRANTs)
- Generating access matrix (who can SELECT/INSERT/UPDATE/DELETE which tables)
- Finding security gaps (missing RLS, overly permissive GRANTs)
- Validating PostgREST access patterns
- Creating security documentation for Docs/context/
- Creating RLS policies for new or existing tables
- Validating user data protection
- Checking admin access patterns
- Identifying security vulnerabilities
Triggers: "security audit", "access matrix", "who can update", "missing RLS", "check grants", "security gaps", "table permissions", "RLS policy", "row level security", "validate security", "user data protection", "admin access"

[Security Operations]

security-check

from alexanderjamesmcleod

Security audit, vulnerability scanning, and secrets detection for comprehensive application security

[Security Operations]

security-review

from place-to-stand

Perform OWASP Top 10 security audit, check auth/authz guards, find injection vulnerabilities, and identify data exposure. Use when reviewing security-sensitive code, before merging auth changes, or when asked to check for vulnerabilities.

[Security Operations]