Agent skills
Skills you can use with AI coding agents, indexed from public GitHub repositories.
-
julien-infra-hostinger-security
Security management for Hostinger VPS srv759970 - Fail2ban, WordPress security audits (25+ checks, 0-100% scoring), infrastructure audit. Use for security hardening, IP bans, or security assessments.
majiayu000/claude-skill-registry 163
-
sandbox-configuration
Central authority for Claude Code sandboxing and isolation. Covers sandboxed bash tool, /sandbox command, filesystem isolation (blocked access, custom paths), network isolation (domain restrictions, proxy support), OS-level enforcement (bubblewrap on Linux, Seatbelt on macOS), sandbox configuration options, escape hatches (dangerouslyDisableSandbox, allowUnsandboxedCommands), and sandbox security limitations. Assists with configuring sandbox settings, understanding isolation mechanisms, and troubleshooting sandbox issues. Delegates 100% to docs-management skill for official documentation.
majiayu000/claude-skill-registry 163
-
security-convex
Review Convex security audit patterns for authentication and authorization. Use for auditing query/mutation auth, row-level security, and validators. Use proactively when reviewing Convex apps (convex/ directory present).
Examples:
- user: "Audit these Convex mutations" → check for missing ctx.auth and input validators
- user: "Check for IDOR in Convex queries" → verify ownership checks on document access
- user: "Review Convex HTTP actions" → check for signature verification on webhooks
- user: "Secure these Convex queries" → implement custom functions for enforced auth
- user: "Check for data leaks in subscriptions" → verify filtered result sets
majiayu000/claude-skill-registry 163
-
vercel-security-basics
Execute apply Vercel security best practices for secrets and access control.
Use when securing API keys, implementing least privilege access,
or auditing Vercel security configuration.
Trigger with phrases like "vercel security", "vercel secrets",
"secure vercel", "vercel API key security".
majiayu000/claude-skill-registry 163
-
detect-hardcoded-secrets
Detect hardcoded secrets, API keys, passwords, and credentials in source code. Security audit for leaked secrets. Works across all languages. Use when user asks about security issues or secret detection.
majiayu000/claude-skill-registry 163
-
integrations
External API integrations with OAuth2, async HTTP, and proper error handling
majiayu000/claude-skill-registry 163
-
sip-authentication-security
Use when implementing SIP authentication, security mechanisms, and encryption. Use when securing SIP servers, clients, or proxies.
majiayu000/claude-skill-registry 163
-
account-security-validation
Validate account security and authentication protocols.
majiayu000/claude-skill-registry 163
-
spring-boot-security
Spring Security 7 implementation for Spring Boot 4. Use when configuring authentication, authorization, OAuth2/JWT resource servers, method security, or CORS/CSRF. Covers the mandatory Lambda DSL migration, SecurityFilterChain patterns, @PreAuthorize, and password encoding. For testing secured endpoints, see spring-boot-testing skill.
majiayu000/claude-skill-registry 163
-
owasp-mobile-security-checker
Analyze Flutter and mobile applications for OWASP Mobile Top 10 (2024) security compliance. Use this skill when performing security audits, vulnerability assessments, or compliance checks on mobile applications. Performs automated scans for hardcoded secrets, insecure storage, weak cryptography, network security issues, and provides detailed remediation guidance.
majiayu000/claude-skill-registry 163
-
account-security-validation
Validate account security and authentication protocols.
majiayu000/claude-skill-registry 163
-
sinatra-security
Security best practices for Sinatra applications including input validation, CSRF protection, and authentication patterns. Use when hardening applications or conducting security reviews.
majiayu000/claude-skill-registry 163
-
nextauth-patterns
NextAuth.js v5の設定とカスタマイズパターンを専門とするスキル。
OAuth 2.0プロバイダー統合、データベースアダプター、セッション戦略、コールバック実装、型安全なセッション管理を提供する。
Anchors:
• Web Application Security (Andrew Hoffman) / 適用: OAuth脅威モデリングとセッションセキュリティ / 目的: 安全な認証フロー設計
• NextAuth.js v5 Official Docs / 適用: プロバイダー設定とコールバック / 目的: 標準準拠の実装
Trigger:
Use when implementing NextAuth.js authentication, configuring OAuth providers (Google, GitHub),
integrating database adapters (Drizzle), designing session strategies (JWT or database-backed),
customizing authentication callbacks, or adding role-based data to sessions.
Keywords: nextauth, oauth, authentication, session, jwt, drizzle adapter, google oauth, github oauth
majiayu000/claude-skill-registry 163
-
auth-configs
Configure Supabase authentication providers (OAuth, JWT, email). Use when setting up authentication, configuring OAuth providers (Google/GitHub/Discord), implementing auth flows, configuring JWT settings, or when user mentions Supabase auth, social login, authentication setup, or auth configuration.
majiayu000/claude-skill-registry 163
-
gate-validation
Validate that quality, security, and release gates are correctly defined, implemented, and enforced with evidence.
majiayu000/claude-skill-registry 163
-
key-rotation-manager
Key Rotation Manager - Auto-activating skill for Security Advanced.
Triggers on: key rotation manager, key rotation manager
Part of the Security Advanced skill category.
majiayu000/claude-skill-registry 163
-
remediation-auth
Security fix patterns for authentication and authorization vulnerabilities (credentials, JWT, deserialization, access control). Provides language-specific secure implementations.
majiayu000/claude-skill-registry 163
-
jwt-config-generator
Generate JWT authentication configuration and utilities for API security. Triggers on "create jwt config", "generate jwt authentication", "jwt setup", "token auth config".
majiayu000/claude-skill-registry 163
-
marketplace-audit
Display plugin versions from marketplace.json. Use when user asks to "audit versions", "show plugin versions", "list marketplace versions", or wants to see the current state of plugin versioning.
majiayu000/claude-skill-registry 163
-
team-sync
majiayu000/claude-skill-registry 163
-
security-prompts-auth
Authentication and authorization prompt templates for RBAC implementation, permissions systems, ownership verification, and authorization testing. Use when setting up roles, implementing access control, or testing authorization logic. Triggers include "RBAC", "role-based access", "permissions", "ownership", "authorization", "access control", "user roles", "auth testing".
majiayu000/claude-skill-registry 163
-
claude-code-knowledge
Access official Claude Code documentation including comprehensive guides on hooks, MCP servers, agent skills, slash commands, settings, CLI reference, security, memory, plugins, and troubleshooting. Use when the user asks about Claude Code features, configuration, capabilities, or best practices. ALWAYS use this skill instead of guessing about Claude Code functionality - it contains the authoritative documentation from docs.anthropic.com with automatic updates. Also includes comprehensive skill creation guide with helper scripts when users want to create new skills.
majiayu000/claude-skill-registry 163
-
mobile-security
Reverses and exploits mobile applications. Use when working with Android APK files, iOS IPA files, mobile app reversing, Frida hooking, or app security analysis challenges.
majiayu000/claude-skill-registry 163
-
discover-cryptography
Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security
majiayu000/claude-skill-registry 163