security
23 skills · 0 free · cap $19/skill or unlock all for $99
bumblebee
Included: Run Bumblebee supply-chain inventory and exposure scans on macOS/Linux to detect compromised packages, extensions, and MCP host configs.
production-audit
Included: Audit a shipped repo for production-readiness gaps across RLS, webhooks, secrets, grants, Stripe idempotency, mobile UX, and deployment health.
audit-skills
Included: Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
skill-audit
Included: Pre-install security scanner for AI agent skills. 7.5% of 14,706 skills are malicious. Audit before you trust.
agent-skill-trust-check
Included: Static pre-install trust review for SKILL.md, OpenClaw, Hermes, MCP, and agent-skill marketplace packages before they request local, account, payment, or external access.
network-security-setup
Included: Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables
container-security-hardening
Included: Harden Docker/container images and runtime deployments with secure base images, non-root users, CVE scanning, SBOM/signing, seccomp/AppArmor, and Kubernetes pod security controls. Use for Dockerfile security reviews, container CVEs, image scanning, distroless images, or production hardening.
aws-compliance-checker
Included: Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks
aws-secrets-rotation
Included: Automate AWS secrets rotation for RDS, API keys, and credentials
aws-iam-best-practices
Included: IAM policy review, hardening, and least privilege implementation
aws-security-audit
Included: Comprehensive AWS security posture assessment using AWS CLI and security best practices
harden
Included: Applies NIST/CWE security hardening to Python and Rust code. Use when auditing code for vulnerabilities or proposing concrete security remediations.
web-pentest
Included: Authorized web application penetration testing — reconnaissance, vulnerability analysis, proof-based exploitation, and professional reporting. Adapts Shannon's "No Exploit, No Report" methodology with hard guardrails for scope, authorization, and aux-client leakage. Active testing against running applications you own or have written authorization to test.
oss-forensics
Included: Supply chain investigation, evidence recovery, and forensic analysis for GitHub repositories. Covers deleted commit recovery, force-push detection, IOC extraction, multi-source evidence collection, hypothesis formation/validation, and structured forensic reporting. Inspired by RAPTOR's 1800+ line OSS Forensics system.
Security Architect
Included: Comprehensive security architecture combining threat modeling, security-first design, secure coding review, and compliance validation. Consolidated from threat-modeling, security-first-design, secure-coding-review, and compliance-validator.
audit-expert
Included: Expert-level security auditing, compliance, code review, and vulnerability assessment
security-expert
Included: Expert-level application security, OWASP Top 10, penetration testing, and security best practices
Security Monitoring
Included: Automate security monitoring, threat detection, incident response, and compliance workflows
codeql-expert
Included: Expert-level CodeQL for static analysis, vulnerability detection, and security code scanning