Vulnerability Scan
78 skills · sorted by GitHub stars
varlock
Secure-by-default environment variable management for Claude Code sessions.
ffuf-claude-skill
Web fuzzing with ffuf
varlock-claude-skill
Secure environment variable management ensuring secrets are never exposed in Claude sessions, termin
007
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review,
active-directory-attacks
Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers recon
anti-reversing-techniques
AUTHORIZED USE ONLY: This skill contains dual-use security techniques. Before proceeding with any by
attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, ident
audit-skills
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identif
auth-implementation-patterns
Build secure, scalable authentication and authorization systems using industry-standard patterns and
aws-compliance-checker
Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks
aws-iam-best-practices
IAM policy review, hardening, and least privilege implementation
aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
aws-security-audit
Comprehensive AWS security posture assessment using AWS CLI and security best practices
binary-analysis-patterns
Comprehensive patterns and techniques for analyzing compiled binaries, understanding assembly code,
broken-authentication
Identify and exploit authentication and session management vulnerabilities in web applications. Brok
bumblebee
Run Bumblebee supply-chain inventory and exposure scans on macOS/Linux to detect compromised package
burp-suite-testing
Execute comprehensive web application security testing using Burp Suite's integrated toolset, includ
burpsuite-project-parser
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching res
constant-time-analysis
Analyze cryptographic code to detect operations that leak secret data through execution timing varia
container-security-hardening
Harden Docker/container images and runtime deployments with secure base images, non-root users, CVE
cred-omega
CISO operacional enterprise para gestao total de credenciais e segredos.
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and
differential-review
Security-focused code review for PRs, commits, and diffs.
ethical-hacking-methodology
Master the complete penetration testing lifecycle from reconnaissance through reporting. This skill
ffuf-web-fuzzing
Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing wit
file-path-traversal
Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipa
firmware-analyst
Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse enginee
frontend-security-coder
Expert in secure frontend coding practices specializing in XSS prevention, output sanitization, and
fsi-compliance-checker
Maps code, architecture, and infrastructure changes to specific control IDs in PCI-DSS v4.0 and MAS
gdpr-data-handling
Practical implementation guide for GDPR-compliant data processing, consent management, and privacy c
gha-security-review
Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete
html-injection-testing
Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML co
idor-testing
Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (ID
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and
linux-privilege-escalation
Execute systematic privilege escalation assessments on Linux systems to identify and exploit misconf
malware-analyst
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident
memory-forensics
Comprehensive techniques for acquiring, analyzing, and extracting artifacts from memory dumps for in
metasploit-framework
⚠️ AUTHORIZED USE ONLY > This skill is for educational purposes or authorized security assessments o
mtls-configuration
Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing z
pci-compliance
Master PCI DSS (Payment Card Industry Data Security Standard) compliance for secure payment processi
pentest-checklist
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. En
pentest-commands
Provide a comprehensive command reference for penetration testing tools including network scanning,
privacy-by-design
Use when building apps that collect user data. Ensures privacy protections are built in from the sta
privilege-escalation-methods
Provide comprehensive techniques for escalating privileges from a low-privileged user to root/admini
production-audit
Audit a shipped repo for production-readiness gaps across RLS, webhooks, secrets, grants, Stripe ide
protocol-reverse-engineering
Comprehensive techniques for capturing, analyzing, and documenting network protocols for security re
red-team-tactics
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
red-team-tools
Implement proven methodologies and tool workflows from top security researchers for effective reconn
reverse-engineer
Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software an