Security Skills

Security skills help you audit code, test for vulnerabilities, implement secure patterns, and ensure compliance.

114 skills covering security auditing, penetration testing, DevSecOps, and compliance

Security Auditing

Security Auditor

Expert DevSecOps, cybersecurity, and compliance frameworks

Threat Modeling Expert

STRIDE, PASTA, attack trees, and risk assessment

Find Bugs

Find bugs and vulnerabilities in local branch changes

Code Review Checklist

Comprehensive code review covering security and performance

Audit & Review Skills

Skill	Description
`security-audit`	Comprehensive security auditing workflow
`security-auditor`	Expert security auditor specializing in DevSecOps
`find-bugs`	Find bugs, security vulnerabilities, and code quality issues
`code-review-excellence`	Provide constructive feedback and catch bugs
`code-review-checklist`	Thorough code reviews covering security
`laravel-security-audit`	Security auditor for Laravel applications
`vibe-code-auditor`	Audit AI-produced code for production risks

Penetration Testing

Web Application Testing

api-security-testing - REST and GraphQL API security
web-security-testing - OWASP Top 10 vulnerabilities
api-fuzzing-bug-bounty - Fuzz APIs and find IDOR vulnerabilities
burp-suite-testing - Intercept HTTP traffic and modify requests
xss-html-injection - Test for XSS vulnerabilities
sql-injection-testing - Test for SQL injection
idor-testing - Test for insecure direct object references
broken-authentication - Test authentication vulnerabilities
file-path-traversal - Test for directory traversal
html-injection-testing - Test for HTML injection

Cloud & Infrastructure Testing

aws-penetration-testing - Pentest AWS infrastructure
cloud-penetration-testing - Test Azure, AWS, GCP security
network-101 - Web server setup, HTTP/HTTPS, SNMP, SMB
smtp-penetration-testing - SMTP enumeration and testing
ssh-penetration-testing - SSH service penetration testing
wordpress-penetration-testing - Pentest WordPress sites

Active Directory & Enterprise

active-directory-attacks - Attack AD, Kerberoasting, DCSync
windows-privilege-escalation - Windows privilege escalation
protocol-reverse-engineering - Network protocol analysis
wireshark-analysis - Analyze network traffic with Wireshark

Testing Tools

metasploit-framework - Exploit vulnerabilities with msfconsole
scanning-tools - Vulnerability scanning and network assessment
sqlmap-database-pentesting - Automate SQL injection testing
ffuf-claude-skill - Web fuzzing with ffuf

Secure Coding

Backend Security

Input validation, authentication, API security

Frontend Security

XSS prevention, output sanitization, client-side security

Mobile Security

Input validation, WebView security, mobile patterns

Solidity Security

Smart contract security and secure patterns

Secure Coding Skills

backend-security-coder - Secure backend coding practices
frontend-security-coder - XSS prevention and sanitization
mobile-security-coder - Mobile-specific security patterns
solidity-security - Smart contract security best practices
api-security-best-practices - Secure API design patterns
auth-implementation-patterns - JWT, OAuth2, session management, RBAC

Vulnerability Management

Category	Skills
Scanning	`vulnerability-scanner`, `sast-configuration`, `dependency-management-deps-audit`
Analysis	`threat-modeling-expert`, `stride-analysis-patterns`, `attack-tree-construction`
Mitigation	`threat-mitigation-mapping`, `security-requirement-extraction`

DevSecOps

Security Automation

security-scanning-security-hardening - Multi-layer security scanning
security-scanning-security-sast - Static Application Security Testing
security-scanning-security-dependencies - Dependency vulnerability analysis
sast-configuration - Configure SAST tools for automation
codebase-cleanup-deps-audit - Vulnerability and license compliance

Authentication & Authorization

auth-implementation-patterns - JWT, OAuth2, session management
clerk-auth - Clerk auth implementation with Next.js
nextjs-supabase-auth - Supabase Auth with Next.js App Router
convex - Convex reactive backend with auth
firebase - Firebase auth, database, storage

Compliance & Standards

GDPR

GDPR-compliant data handling and consent

PCI DSS

Payment card data security requirements

WCAG

Accessibility compliance and auditing

AWS Compliance

CIS, PCI-DSS, HIPAA, SOC 2 benchmarks

Compliance Skills

security-compliance-compliance-check - GDPR, HIPAA, SOC2, PCI-DSS
gdpr-data-handling - Consent management and privacy by design
pci-compliance - PCI DSS requirements for payment data
wcag-audit-patterns - WCAG 2.2 accessibility audits
accessibility-compliance-accessibility-audit - WCAG compliance
security/aws-compliance-checker - AWS compliance checking
security/aws-iam-best-practices - IAM policy review and hardening

Secrets Management

secrets-management - Secure secrets for CI/CD pipelines
azure-keyvault-* - Azure Key Vault across all languages
varlock-claude-skill - Secure environment variable management
security/aws-secrets-rotation - Automate AWS secrets rotation

Security Operations

Incident Response

incident-responder - Rapid problem resolution
incident-response-incident-response - Incident response workflow
incident-response-smart-fix - AI-assisted debugging and resolution
incident-runbook-templates - Structured response procedures
postmortem-writing - Blameless postmortems with action items

Malware & Forensics

malware-analyst - Defensive malware research
firmware-analyst - Embedded systems and IoT security
memory-forensics - Memory acquisition and artifact extraction
binary-analysis-patterns - Disassembly and decompilation
anti-reversing-techniques - Bypass anti-reversing protections

Threat Intelligence & Red Team

red-team-tactics - MITRE ATT&CK tactics
ethical-hacking-methodology - Penetration testing lifecycle
top-web-vulnerabilities - Common security flaws
pentest-checklist - Penetration test planning

Service Mesh & Network Security

service-mesh-expert - Istio, Linkerd, security policies
mtls-configuration - Mutual TLS for zero-trust
k8s-security-policies - NetworkPolicy, PodSecurityPolicy, RBAC
network-engineer - Cloud networking and security

Start with security-auditor for comprehensive audits, then use specific testing skills like api-security-testing or web-security-testing for targeted analysis.

Always get written authorization before performing penetration testing on production systems.

Browse by Category

Popular Skills

Security Skills

Security Skills

Security Auditing

Security Auditor

Threat Modeling Expert

Find Bugs

Code Review Checklist

Audit & Review Skills

Penetration Testing

Testing Tools

Secure Coding

Backend Security

Frontend Security

Mobile Security

Solidity Security

Secure Coding Skills

Vulnerability Management

DevSecOps

Authentication & Authorization

Compliance & Standards

GDPR

PCI DSS

WCAG

AWS Compliance

Compliance Skills

Secrets Management

Security Operations

Threat Intelligence & Red Team

Service Mesh & Network Security

Build docs developers (and LLMs) love

Browse by Category

Popular Skills

​Security Skills

​Security Auditing

Security Auditor

Threat Modeling Expert

Find Bugs

Code Review Checklist

​Audit & Review Skills

​Penetration Testing

​Testing Tools

​Secure Coding

Backend Security

Frontend Security

Mobile Security

Solidity Security

​Secure Coding Skills

​Vulnerability Management

​DevSecOps

​Authentication & Authorization

​Compliance & Standards

GDPR

PCI DSS

WCAG

AWS Compliance

​Compliance Skills

​Secrets Management

​Security Operations

​Threat Intelligence & Red Team

​Service Mesh & Network Security

Build docs developers (and LLMs) love

Security Skills

Security Auditing

Audit & Review Skills

Penetration Testing

Testing Tools

Secure Coding

Secure Coding Skills

Vulnerability Management

DevSecOps

Authentication & Authorization

Compliance & Standards

Compliance Skills

Secrets Management

Security Operations

Threat Intelligence & Red Team

Service Mesh & Network Security