ReddRadar
Topic: agents
2,643 skills in this topic.
-
flutter-testing
Comprehensive Flutter testing guidance covering unit tests, widget tests, and integration tests. Use when working with Flutter applications to write unit tests for functions/methods/classes, create widget tests to verify UI components, develop integration tests for end-to-end testing, mock dependencies and plugin interactions, debug common testing errors, test Flutter plugins with native code, and run tests in different build modes (debug, profile, release)
Im5tu/claude
-
launch-strategy
When the user wants to plan a product launch, feature announcement, or release strategy. Also use when the user mentions 'launch,' 'Product Hunt,' 'feature release,' 'announcement,' 'go-to-market,' 'beta launch,' 'early access,' 'waitlist,' or 'product update.' This skill covers phased launches, channel strategy, and ongoing launch momentum.
Im5tu/claude
-
marketing-psychology
When the user wants to apply psychological principles, mental models, or behavioral science to marketing. Also use when the user mentions 'psychology,' 'mental models,' 'cognitive bias,' 'persuasion,' 'behavioral science,' 'why people buy,' 'decision-making,' or 'consumer behavior.' This skill provides 70+ mental models organized for marketing application.
Im5tu/claude
-
plan-feature
Interview user in-depth to create a detailed spec. Also use when the user says "write a spec," "feature spec," "plan a feature," "detailed requirements," "product spec," or "spec out." For prompt refinement, see reprompt.
Im5tu/claude
-
reprompt
Formats input into Goal, Constraints, Format, Failure structure. Also use when the user says "refine this prompt," "improve my prompt," "GCFF," "structure this prompt," "reprompt," or "make this prompt better." For full feature specs, see plan-feature.
Im5tu/claude
-
using-git-worktrees
Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verification
Im5tu/claude
-
website-design
When the user wants to design and build a premium multi-page website for any business type. Produces working Next.js + Tailwind CSS v4 + GSAP code — not specification documents. Also use when the user says "website design," "design a website," "build a website," "site design," "landing page," "multi-page site," or "website pages." For brand identity without website, see brand-design.
Im5tu/claude
-
website-seo
When the user wants SEO strategy, audits, technical SEO, schema markup, content architecture, or search visibility optimization. Also use when the user says "SEO strategy," "SEO audit," "technical SEO," "schema markup," "structured data," "content strategy," "topic clusters," "local SEO," "international SEO," "SEO reporting," "search everywhere," "programmatic SEO," or "free tool strategy." This skill supersedes content-strategy, seo-audit, programmatic-seo, and free-tool-strategy skills.
Im5tu/claude
-
skill-name
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
AgentSecOps/SecOpsAgentKit 84
-
api-mitmproxy
Interactive HTTPS proxy for API security testing with traffic interception, modification, and replay capabilities. Supports HTTP/1, HTTP/2, HTTP/3, WebSockets, and TLS-protected protocols. Includes Python scripting API for automation and multiple interfaces (console, web, CLI). Use when: (1) Intercepting and analyzing API traffic for security testing, (2) Modifying HTTP/HTTPS requests and responses to test API behavior, (3) Recording and replaying API traffic for testing, (4) Debugging mobile app or thick client API communications, (5) Automating API security tests with Python scripts, (6) Exporting traffic in HAR format for analysis.
AgentSecOps/SecOpsAgentKit 84
-
api-spectral
API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.
AgentSecOps/SecOpsAgentKit 84
-
dast-ffuf
Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering capabilities. Supports multiple fuzzing modes (clusterbomb, pitchfork, sniper) and recursive scanning. Use when: (1) Discovering hidden directories, files, and endpoints on web applications, (2) Fuzzing GET and POST parameters to identify injection vulnerabilities, (3) Enumerating virtual hosts and subdomains, (4) Testing authentication endpoints with credential fuzzing, (5) Finding backup files and sensitive data exposures, (6) Performing comprehensive web application reconnaissance.
AgentSecOps/SecOpsAgentKit 84
-
dast-nuclei
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues across web applications, APIs, and infrastructure. Use when: (1) Performing rapid vulnerability scanning with automated CVE detection, (2) Testing for known vulnerabilities and security misconfigurations in web apps and APIs, (3) Running template-based security checks in CI/CD pipelines with customizable severity thresholds, (4) Creating custom security templates for organization-specific vulnerability patterns, (5) Scanning multiple targets efficiently with concurrent execution and rate limiting controls.
AgentSecOps/SecOpsAgentKit 84
-
dast-zap
Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.
AgentSecOps/SecOpsAgentKit 84
-
sast-bandit
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.
AgentSecOps/SecOpsAgentKit 84
-
sast-semgrep
Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping. Use when: (1) Scanning code for security vulnerabilities across multiple languages, (2) Performing security code reviews with pattern-based detection, (3) Integrating SAST checks into CI/CD pipelines, (4) Providing remediation guidance with OWASP Top 10 and CWE mappings, (5) Creating custom security rules for organization-specific patterns, (6) Analyzing dependencies for known vulnerabilities.
AgentSecOps/SecOpsAgentKit 84
-
sca-blackduck
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.
AgentSecOps/SecOpsAgentKit 84
-
policy-opa
Policy-as-code enforcement and compliance validation using Open Policy Agent (OPA). Use when: (1) Enforcing security and compliance policies across infrastructure and applications, (2) Validating Kubernetes admission control policies, (3) Implementing policy-as-code for compliance frameworks (SOC2, PCI-DSS, GDPR, HIPAA), (4) Testing and evaluating OPA Rego policies, (5) Integrating policy checks into CI/CD pipelines, (6) Auditing configuration drift against organizational security standards, (7) Implementing least-privilege access controls.
AgentSecOps/SecOpsAgentKit 84
-
container-grype
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.
AgentSecOps/SecOpsAgentKit 84
-
container-hadolint
Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark. Use when: (1) Analyzing Dockerfiles for security misconfigurations and anti-patterns, (2) Enforcing container image security best practices in CI/CD pipelines, (3) Detecting hardcoded secrets and credentials in container builds, (4) Validating compliance with CIS Docker Benchmark requirements, (5) Integrating shift-left container security into developer workflows, (6) Providing remediation guidance for insecure Dockerfile instructions.
AgentSecOps/SecOpsAgentKit 84
-
iac-checkov
Infrastructure as Code (IaC) security scanning using Checkov with 750+ built-in policies for Terraform, CloudFormation, Kubernetes, Dockerfile, and ARM templates. Use when: (1) Scanning IaC files for security misconfigurations and compliance violations, (2) Validating cloud infrastructure against CIS, PCI-DSS, HIPAA, and SOC2 benchmarks, (3) Detecting secrets and hardcoded credentials in IaC, (4) Implementing policy-as-code in CI/CD pipelines, (5) Generating compliance reports with remediation guidance for cloud security posture management.
AgentSecOps/SecOpsAgentKit 84
-
sca-trivy
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.
AgentSecOps/SecOpsAgentKit 84
-
secrets-gitleaks
Hardcoded secret detection and prevention in git repositories and codebases using Gitleaks. Identifies passwords, API keys, tokens, and credentials through regex-based pattern matching and entropy analysis. Use when: (1) Scanning repositories for exposed secrets and credentials, (2) Implementing pre-commit hooks to prevent secret leakage, (3) Integrating secret detection into CI/CD pipelines, (4) Auditing codebases for compliance violations (PCI-DSS, SOC2, GDPR), (5) Establishing baseline secret detection and tracking new exposures, (6) Remediating historical secret exposures in git history.
AgentSecOps/SecOpsAgentKit 84
-
detection-sigma
Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM platforms. Use when: (1) Creating detection rules for security monitoring, (2) Converting rules between SIEM platforms (Splunk, Elastic, QRadar, Sentinel), (3) Threat hunting with standardized detection patterns, (4) Building detection-as-code pipelines, (5) Mapping detections to MITRE ATT&CK tactics, (6) Implementing compliance-based monitoring rules.
AgentSecOps/SecOpsAgentKit 84