Security
86 skills · sorted by GitHub stars
varlock
Secure-by-default environment variable management for Claude Code sessions.
ffuf-claude-skill
Web fuzzing with ffuf
varlock-claude-skill
Secure environment variable management ensuring secrets are never exposed in Claude sessions, termin
customs-trade-compliance
Codified expertise for customs documentation, tariff classification, duty optimisation, restricted p
007
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review,
active-directory-attacks
Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers recon
advogado-criminal
Criminal lawyer specializing in Maria da Penha, domestic violence, femicide, direito pen
advogado-especialista
Lawyer specializing in all areas of Brazilian law: family, criminal, labor, tribu
anti-reversing-techniques
AUTHORIZED USE ONLY: This skill contains dual-use security techniques. Before proceeding with any by
attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, ident
audit-skills
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identif
auth-implementation-patterns
Build secure, scalable authentication and authorization systems using industry-standard patterns and
aws-compliance-checker
Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks
aws-iam-best-practices
IAM policy review, hardening, and least privilege implementation
aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
aws-security-audit
Comprehensive AWS security posture assessment using AWS CLI and security best practices
binary-analysis-patterns
Comprehensive patterns and techniques for analyzing compiled binaries, understanding assembly code,
broken-authentication
Identify and exploit authentication and session management vulnerabilities in web applications. Brok
bumblebee
Run Bumblebee supply-chain inventory and exposure scans on macOS/Linux to detect compromised package
burp-suite-testing
Execute comprehensive web application security testing using Burp Suite's integrated toolset, includ
burpsuite-project-parser
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching res
constant-time-analysis
Analyze cryptographic code to detect operations that leak secret data through execution timing varia
container-security-hardening
Harden Docker/container images and runtime deployments with secure base images, non-root users, CVE
cred-omega
Enterprise operational CISO for total management of credentials and secrets.
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and
differential-review
Security-focused code review for PRs, commits, and diffs.
employment-contract-templates
Templates and patterns for creating legally sound employment documentation including contracts, offe
ethical-hacking-methodology
Master the complete penetration testing lifecycle from reconnaissance through reporting. This skill
fda-food-safety-auditor
Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility reco
fda-medtech-compliance-auditor
Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs
ffuf-web-fuzzing
Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing wit
file-path-traversal
Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipa
firmware-analyst
Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse enginee
frontend-security-coder
Expert in secure frontend coding practices specializing in XSS prevention, output sanitization, and
fsi-compliance-checker
Maps code, architecture, and infrastructure changes to specific control IDs in PCI-DSS v4.0 and MAS
gdpr-data-handling
Practical implementation guide for GDPR-compliant data processing, consent management, and privacy c
gha-security-review
Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete
html-injection-testing
Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML co
idor-testing
Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (ID
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and
legal-advisor
Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GDPR-compliant tex
lex
Centralized 'Truth Engine' for cross-jurisdictional legal context (US, EU, CA) and contract scaffold
linux-privilege-escalation
Execute systematic privilege escalation assessments on Linux systems to identify and exploit misconf
malware-analyst
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident
memory-forensics
Comprehensive techniques for acquiring, analyzing, and extracting artifacts from memory dumps for in
metasploit-framework
⚠️ AUTHORIZED USE ONLY: This skill is for educational purposes or authorized security assessments o
mtls-configuration
Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing z
pci-compliance
Master PCI DSS (Payment Card Industry Data Security Standard) compliance for secure payment processi
pentest-checklist
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. En