security Skills

Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, cre...

Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate li...

Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate li...

Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, a...

Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, a...

Threat Model Creator - Auto-activating skill for Security Advanced.Triggers on: threat model creator, threat model creatorPart of...

Threat Model Creator - Auto-activating skill for Security Advanced.Triggers on: threat model creator, threat model creatorPart of...

Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture change...

Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture change...

Creates comprehensive threat models using STRIDE methodology with asset identification, threat enumeration, mitigation strategies,...

Creates comprehensive threat models using STRIDE methodology with asset identification, threat enumeration, mitigation strategies,...

Use when implementing auth, file uploads, payments, or external APIs. Applies STRIDE framework systematically. Triggers: "authenti...

Security tool command reference

Security tool command reference

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "unde...

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "unde...

This skill should be used when scanning container images, filesystems, or repositories for vulnerabilities using Trivy. Use for CV...

Next.js/TypeScriptプロジェクト向けセキュリティ診断スキル。OWASP準拠。以下の場合に使用:(1) PRレビュー時のセキュリティチェック(2) API Routes のセキュリティ検証(3) 認証・認可ロジックの確認(4) 依存パッケージの脆...

Next.js/TypeScriptプロジェクト向けセキュリティ診断スキル。OWASP準拠。以下の場合に使用:(1) PRレビュー時のセキュリティチェック(2) API Routes のセキュリティ検証(3) 認証・認可ロジックの確認(4) 依存パッケージの脆...

Understand the OCSF schema. Use when working with OCSF, looking up classes or objects, normalizing security events, or asking abou...

Understand the OCSF schema. Use when working with OCSF, looking up classes or objects, normalizing security events, or asking abou...

Search and query Goodreads library from CSV export. Use when the user asks about books, TBR (to-be-read), reading lists, book sear...

Search and query Goodreads library from CSV export. Use when the user asks about books, TBR (to-be-read), reading lists, book sear...

Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows. Trigger...

Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows. Trigger...

Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations. Trigger...

Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations. Trigger...

BigCommerce OAuth, embedded app JWT validation, and pre-registration patterns for VioletConnect

BigCommerce OAuth, embedded app JWT validation, and pre-registration patterns for VioletConnect

Shopify OAuth integration patterns for VioletConnect merchant onboarding

Shopify OAuth integration patterns for VioletConnect merchant onboarding

WooCommerce REST API authentication and credential-based onboarding patterns for VioletConnect

WooCommerce REST API authentication and credential-based onboarding patterns for VioletConnect

Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patt...

Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patt...

Identify vulnerability class, analyze root cause, and plan exploitation strategy.

Systematic approach to identifying security vulnerabilities in code, dependencies, and infrastructure

Systematic approach to identifying security vulnerabilities in code, dependencies, and infrastructure

Systematic vulnerability finding, threat modeling, and attack surface analysis. Use for comprehensive security assessment planning...

Systematic vulnerability finding, threat modeling, and attack surface analysis. Use for comprehensive security assessment planning...

Vulnerability lifecycle management including CVE tracking, CVSS scoring, risk prioritization, remediation workflows, and coordinat...

Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security s...

Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security s...

Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-...

Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-...

Waf Rule Creator - Auto-activating skill for Security Advanced.Triggers on: waf rule creator, waf rule creatorPart of the Security...

Waf Rule Creator - Auto-activating skill for Security Advanced.Triggers on: waf rule creator, waf rule creatorPart of the Security...

Lead web application penetration testing coordinator that orchestrates comprehensive security assessments by spawning specialized...