Agent skills

Skills you can use with AI coding agents, indexed from public GitHub repositories.

Latest Most Popular

GitHub CLI Expert help with GitHub CLI (gh) for managing pull requests, issues, repositories, workflows, and releases. Use this when working with GitHub operations from the command line.
majiayu000/claude-skill-registry 163
vulnerability-validation Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use after running commit-security-scan to confirm vulnerabilities.
majiayu000/claude-skill-registry 163
discovery.risk_assessment Identify potential quality, security, and delivery risks early in discovery to inform mitigation planning.
majiayu000/claude-skill-registry 163
WordPress Penetration Testing This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
majiayu000/claude-skill-registry 163
security-express Express.js security audit patterns. Load when reviewing Express apps. Covers Helmet.js, CORS, body-parser limits, auth middleware, and common Express security mistakes.
majiayu000/claude-skill-registry 163
security-scan Run comprehensive security vulnerability scans when reviewing code. Automatically uses basic mode (fast, high/medium severity only) for first reviews, advanced mode (comprehensive, all severities) for iterations. Detects SQL injection, XSS, hardcoded secrets, insecure dependencies. Use before approving any code changes or pull requests.
majiayu000/claude-skill-registry 163
rate-limiter-config Rate Limiter Config - Auto-activating skill for Security Fundamentals. Triggers on: rate limiter config, rate limiter config Part of the Security Fundamentals skill category.
majiayu000/claude-skill-registry 163
firebase-auth Implements Firebase Authentication with email, OAuth, phone auth, and custom tokens. Use when building apps with Firebase, needing flexible auth methods, or integrating with Firebase ecosystem.
majiayu000/claude-skill-registry 163
git-workflow Git workflow guidance for commits, branches, and pull requests
majiayu000/claude-skill-registry 163
security-stride-methodology Activate when conducting security analysis using STRIDE threat modeling, vulnerability assessment, and security architecture evaluation
majiayu000/claude-skill-registry 163
security Security validation, vulnerability scanning, and compliance checking for development environments. Auto-activates on keywords security, vulnerability, audit, OWASP, encryption, GPG, SSH, signing, secrets, scan. Routes to specialized security workflows.
majiayu000/claude-skill-registry 163
authentication Authentication and authorization including JWT, OAuth2, sessions, and RBAC. Activate for login, auth flows, security, access control, and identity management.
majiayu000/claude-skill-registry 163
security-fastapi Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples: - user: "Audit FastAPI route security" → check for Depends() and Security() usage - user: "Check FastAPI CORS setup" → verify origins when allow_credentials=True - user: "Review FastAPI middleware" → check TrustedHost and HTTPSRedirect config - user: "Secure FastAPI API keys" → move from query params to header schemes - user: "Scan for FastAPI footguns" → check starlette integration and dependency order
majiayu000/claude-skill-registry 163
rust-security Rust security best practices and vulnerability prevention. Use when handling user input, authentication, cryptography, secrets management, network security, or conducting security reviews.
majiayu000/claude-skill-registry 163
auth-token-manager Получение валидных JWT Bearer токенов для аутентификации MikoPBX REST API v3. Использовать когда нужно тестировать API эндпоинты, отлаживать проблемы аутентификации или при возникновении ошибок 401 Unauthorized. Автоматически обрабатывает вход с username/password и возвращает готовый к использованию access token.
majiayu000/claude-skill-registry 163
chapter-authoring-agent Writes educational textbook chapters following pedagogical best practices.
majiayu000/claude-skill-registry 163
security-checklist Security best practices, OWASP guidelines, and vulnerability prevention checklist. (project)
majiayu000/claude-skill-registry 163
code-reviewer Use this when user requests code review, pull request analysis, or quality assessment. Provides systematic 6-category checklist: functionality, security (OWASP), code quality (SOLID), performance, testing, and maintainability. Apply for PR reviews, security audits, or teaching code quality principles
majiayu000/claude-skill-registry 163
docusaurus-auth Expert skill for implementing authentication in Docusaurus static sites. Handles FastAPI backend setup for authentication, JWT token management, and secure API communication. Includes setup for static site generation, client-side authentication, and user data protection. Use when adding authentication to Docusaurus static sites, implementing FastAPI backend for authentication services, or securing API routes with JWT tokens in static site context.
majiayu000/claude-skill-registry 163
code-reviewer-advanced Use when reviewing code for quality, design issues, implementation problems, security vulnerabilities, or architectural concerns. Apply when user asks to review code, check implementation, find issues, or audit code quality. Use proactively after implementation is complete. Also use to provide feedback to system-architect and principal-engineer on design and implementation decisions.
majiayu000/claude-skill-registry 163
goth-fundamentals This skill should be used when the user asks to "set up goth", "install goth", "oauth in go", "authentication in golang", "goth package", "goth basics", or mentions "github.com/markbates/goth". Provides foundational guidance for the Goth multi-provider authentication library.
majiayu000/claude-skill-registry 163
auth-security-validator Autonomous validation of authentication security. Checks password hashing, cookie configuration, CSRF protection, and session management for OWASP compliance.
majiayu000/claude-skill-registry 163
security-convex Convex security audit patterns. Load when reviewing Convex apps (convex/ directory present). Covers query/mutation auth, row-level security, public vs authenticated functions, validators, and Convex-specific issues.
majiayu000/claude-skill-registry 163
sandbox-configuration Central authority for Claude Code sandboxing and isolation. Covers sandboxed bash tool, /sandbox command, filesystem isolation (blocked access, custom paths), network isolation (domain restrictions, proxy support), OS-level enforcement (bubblewrap on Linux, Seatbelt on macOS), sandbox configuration options, escape hatches (dangerouslyDisableSandbox, allowUnsandboxedCommands), and sandbox security limitations. Assists with configuring sandbox settings, understanding isolation mechanisms, and troubleshooting sandbox issues. Delegates 100% to docs-management skill for official documentation.
majiayu000/claude-skill-registry 163