aiskillstore/skill-name
skills/agentsecops/skill-name/SKILL.md
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace skill-nameInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 28, 2026, 5:15 PM36.2s6 files scanned
SKILL.md
- name:
- skill-name
- description:
- >
- Include:
- (1) Primary functionality, (2) Specific use cases, (3) Security operations context.
- Must include specific "Use when:
- clause for skill discovery.
- Example:
- SAST vulnerability analysis and remediation guidance using Semgrep and industry
- security standards. Use when:
- (1) Analyzing static code for security vulnerabilities,
- version:
- 0.1.0
- maintainer:
- your-github-username
- category:
- [appsec|devsecops|secsdlc|threatmodel|compliance|incident-response]
- tags:
- [relevant, security, tags]
- frameworks:
- [OWASP|CWE|MITRE-ATT&CK|NIST|SOC2]
<!--
PROGRESSIVE DISCLOSURE GUIDELINES:
- Keep this SKILL.md file under 500 lines
- Only include core workflows and common patterns here
- Move detailed content to references/ directory
- Link clearly to when references should be consulted
- See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples
- Challenge every sentence: "Does Claude really need this?"
-->
Scripts (
References (
Assets (
Skill Name
Overview
Brief overview of what this skill provides and its security operations context.
Quick Start
Provide the minimal example to get started immediately:
# Example command or workflow
tool-name --option value
Core Workflow
Sequential Workflow
For straightforward step-by-step operations:
- First action with specific command or operation
- Second action with expected output or validation
- Third action with decision points if needed
Workflow Checklist (for complex operations)
For complex multi-step operations, use a checkable workflow:
Progress: [ ] 1. Initial setup and configuration [ ] 2. Run primary security scan or analysis [ ] 3. Review findings and classify by severity [ ] 4. Apply remediation patterns [ ] 5. Validate fixes with re-scan [ ] 6. Document findings and generate report
Work through each step systematically. Check off completed items.
For more workflow patterns, see references/WORKFLOW_CHECKLIST.md
Feedback Loop Pattern (for validation)
When validation and iteration are needed:
- Generate initial output (configuration, code, etc.)
- Run validation:
./scripts/validator_example.py output.yaml - Review validation errors and warnings
- Fix identified issues
- Repeat steps 2-4 until validation passes
- Apply the validated output
Note: Move detailed validation criteria to references/ if complex.
Security Considerations
- Sensitive Data Handling: Guidance on handling secrets, credentials, PII
- Access Control: Required permissions and authorization contexts
- Audit Logging: What should be logged for security auditing
- Compliance: Relevant compliance requirements (SOC2, GDPR, etc.)
Bundled Resources
Scripts (scripts/)
Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.
example_script.py- Python script template with argparse, error handling, and JSON outputexample_script.sh- Bash script template with argument parsing and colored outputvalidator_example.py- Validation script demonstrating feedback loop pattern
When to use scripts:
- Deterministic operations that must be consistent
- Complex parsing or data transformation
- Validation and quality checks
References (references/)
On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.
EXAMPLE.md- Template for reference documentation with security standards sectionsWORKFLOW_CHECKLIST.md- Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)
When to use references:
- Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
- Advanced configuration options
- Language-specific patterns
- Content exceeding 100 lines
Assets (assets/)
Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.
ci-config-template.yml- Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detectionrule-template.yaml- Security rule template with OWASP/CWE mappings and remediation guidance
When to use assets:
- Configuration templates
- Policy templates
- Boilerplate secure code
- CI/CD pipeline examples
Common Patterns
Pattern 1: [Pattern Name]
Description and example of common usage pattern.
Pattern 2: [Pattern Name]
Additional patterns as needed.
Integration Points
- CI/CD: How this integrates with build pipelines
- Security Tools: Compatible security scanning/monitoring tools
- SDLC: Where this fits in the secure development lifecycle
Troubleshooting
Issue: [Common Problem]
Solution: Steps to resolve.
References
- Tool Documentation
- Security Framework
- Compliance Standard
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026