💻 Development & Engineering
3,795 skills
affaan-m/security-bounty-hunter
testing
VerifiedTrustedCommunity
リポジトリ内の悪用可能なバウンティ対象のセキュリティ問題を発見します。ノイズの多いローカルのみの発見ではなく、実際のレポートに適格なリモートから到達可能な脆弱性に焦点を当てます。
185,766SKILL.mdUpdated May 18, 2026
affaan-m/quarkus-verification
tools
VerifiedTrustedCommunity
Quarkusプロジェクト検証ループ:ビルド、静的分析、カバレッジ付きテスト、セキュリティスキャン、ネイティブコンパイル、本番環境またはPR前の差分レビュー。
185,766SKILL.mdUpdated May 18, 2026
garrytan/cso
testing
VerifiedTrustedCommunity
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scanning, plus OWASP Top 10, STRIDE threat modeling, and active verification. Two modes: daily (zero-noise, 8/10 confidence gate) and comprehensive (monthly deep scan, 2/10 bar). Trend tracking across audit runs. Use when: "security audit", "threat model", "pentest review", "OWASP", "CSO review". (gstack) Voice triggers (speech-to-text aliases): "see-so", "see so", "security review", "security check", "vulnerability scan", "run security".
71,662SKILL.mdUpdated Apr 4, 2026
paperclipai/deal-with-security-advisory
tools
VerifiedTrustedCommunity
Handle a GitHub Security Advisory response for Paperclip, including confidential fix development in a temporary private fork, human coordination on advisory-thread comments, CVE request, synchronized advisory publication, and immediate security release steps.
53,860SKILL.mdUpdated Apr 15, 2026
wshobson/stride-analysis-patterns
testing
VerifiedTrustedCommunity
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
35,806SKILL.mdUpdated Apr 25, 2026
wshobson/deployment-pipeline-design
development
VerifiedTrustedCommunity
Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use this skill when designing zero-downtime deployment pipelines, implementing canary rollout strategies, setting up multi-environment promotion workflows, or debugging failed deployment gates in CI/CD.
35,806SKILL.mdUpdated Apr 25, 2026
sickn33/api-security-best-practices
development
VerifiedTrustedCommunity
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
33,084SKILL.mdUpdated Apr 13, 2026
sickn33/007
development
VerifiedTrustedCommunity
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
33,084SKILL.mdUpdated Apr 13, 2026
github/security-review
tools
VerifiedTrustedOfficial
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
27,569SKILL.mdUpdated Mar 30, 2026
github/doublecheck
development
VerifiedTrustedOfficial
Three-layer verification pipeline for AI output. Extracts verifiable claims, finds supporting or contradicting sources via web search, runs adversarial review for hallucination patterns, and produces a structured verification report with source links for human review.
25,862SKILL.mdUpdated Mar 18, 2026
davila7/github-actions-templates
development
VerifiedTrustedCommunity
Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
24,615SKILL.mdUpdated Apr 15, 2026
davila7/WordPress Penetration Testing
tools
VerifiedTrustedCommunity
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
24,615SKILL.mdUpdated Apr 15, 2026
rightnow-ai/security-audit
development
VerifiedTrustedCommunity
Security audit expert for OWASP Top 10, CVE analysis, code review, and penetration testing methodology
16,813SKILL.mdUpdated Apr 20, 2026
rightnow-ai/ci-cd
tools
VerifiedTrustedCommunity
CI/CD pipeline expert for GitHub Actions, GitLab CI, Jenkins, and deployment automation
16,813SKILL.mdUpdated Apr 20, 2026
alirezarezvani/engineering-skills
tools
VerifiedTrustedCommunity
23 engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw, and 6 more tools. Architecture, frontend, backend, QA, DevOps, security, AI/ML, data engineering, Playwright, Stripe, AWS, MS365. 30+ Python tools (stdlib-only).
16,359SKILL.mdUpdated May 10, 2026
alirezarezvani/adversarial-reviewer
development
VerifiedTrustedCommunity
Adversarial code review that breaks the self-review monoculture. Use when you want a genuinely critical review of recent changes, before merging a PR, or when you suspect Claude is being too agreeable about code quality. Forces perspective shifts through hostile reviewer personas that catch blind spots the author's mental model shares with the reviewer.
16,359SKILL.mdUpdated May 10, 2026
mukul975/bypassing-authentication-with-forced-browsing
development
VerifiedTrustedCommunity
Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security assessments.
13,647SKILL.mdUpdated Jun 3, 2026
mukul975/building-vulnerability-scanning-workflow
tools
VerifiedTrustedCommunity
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover, prioritize, and track remediation of security vulnerabilities across infrastructure. Use when SOC teams need to establish recurring vulnerability assessment processes, integrate scan results with SIEM alerting, and build remediation tracking dashboards.
13,647SKILL.mdUpdated Jun 3, 2026
benbjohnson/litestream
tools
VerifiedTrustedCommunity
Expert knowledge for contributing to Litestream, a standalone disaster recovery tool for SQLite. Provides architectural understanding, code patterns, critical rules, and debugging procedures for WAL monitoring, LTX replication format, storage backend implementation, multi-level compaction, and SQLite page management. Use when working with Litestream source code, writing storage backends, debugging replication issues, implementing compaction logic, or handling SQLite WAL operations.
13,453SKILL.mdUpdated Apr 16, 2026
nearai/security-review
development
VerifiedTrustedCommunity
Security audit for code changes and PRs — OWASP top 10, auth flows, data handling, secrets exposure, supply chain risks. Writes findings as actionable items.
11,894SKILL.mdUpdated Apr 15, 2026