Agent skills
Skills you can use with AI coding agents, indexed from public GitHub repositories.
-
IoT UART Console (picocom)
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.
majiayu000/claude-skill-registry 163
-
security-engineering
Security auditing and vulnerability detection using OWASP patterns, CWE analysis, and threat modeling. Use when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, reviewing dependency security, or when security-audit, vulnerability-scan, OWASP, threat-model, or --security are mentioned.
majiayu000/claude-skill-registry 163
-
secrets-management-gha
GitHub Actionsワークフローでの安全な秘密情報管理を実現する。
リポジトリ/環境/組織/Dependabotの4種類のシークレット使い分け、OIDCによるクラウド認証、ローテーション、監査を包括的に提供する。
Anchors:
• Web Application Security (Andrew Hoffman) / 適用: 脅威モデリング・セキュア設計 / 目的: シークレット管理戦略の基盤
• GitHub Actions Secrets API / 適用: シークレット設定・アクセス制御 / 目的: 各タイプの正確な使い分け
• OpenID Connect (OIDC) Specification / 適用: クラウドプロバイダー認証 / 目的: 長期認証情報の排除
Trigger:
Use when configuring GitHub Actions secrets, implementing cloud OIDC authentication, rotating secrets, or auditing secret access patterns.
GitHub secrets, OIDC, secret rotation, environment secrets, organization secrets, cloud authentication
majiayu000/claude-skill-registry 163
-
sinatra-security
Security best practices for Sinatra applications including input validation, CSRF protection, and authentication patterns. Use when hardening applications or conducting security reviews.
majiayu000/claude-skill-registry 163
-
oauth-client-setup
Oauth Client Setup - Auto-activating skill for API Integration.
Triggers on: oauth client setup, oauth client setup
Part of the API Integration skill category.
majiayu000/claude-skill-registry 163
-
pentest-metasploit
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.
majiayu000/claude-skill-registry 163
-
Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
majiayu000/claude-skill-registry 163
-
oauth-callback-handler
Oauth Callback Handler - Auto-activating skill for API Integration.
Triggers on: oauth callback handler, oauth callback handler
Part of the API Integration skill category.
majiayu000/claude-skill-registry 163
-
vuln-patterns-languages
Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patterns and grep commands for common security vulnerabilities.
majiayu000/claude-skill-registry 163
-
cookbook-audit
Audit an Anthropic Cookbook notebook based on a rubric. Use whenever a notebook review or audit is requested.
majiayu000/claude-skill-registry 163
-
graphql-security
Secure GraphQL APIs - authentication, authorization, rate limiting, and validation
majiayu000/claude-skill-registry 163
-
team-sync-coderhzy-vibecoding-project-m
majiayu000/claude-skill-registry 163
-
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
majiayu000/claude-skill-registry 163
-
workers-security
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
majiayu000/claude-skill-registry 163
-
outline-cli
Allow droids to interact with Outline Wiki via the outlinectl CLI (auth, collections, docs) with automation-friendly JSON output.
majiayu000/claude-skill-registry 163
-
bandit-security-scan
Run Bandit security analysis to find common security issues and vulnerabilities in Python code. Use when the user mentions Bandit, security analysis, vulnerability scanning, security audit, software composition analysis (SCA), or wants to check for security issues in Python code.
majiayu000/claude-skill-registry 163
-
testing-web-applications
Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, and API flaws. Use when pentesting web apps, analyzing authentication, or exploiting OWASP Top 10 vulnerabilities.
majiayu000/claude-skill-registry 163
-
security-williaby-image-preprocessing-d-williaby-image-preprocessing-
majiayu000/claude-skill-registry 163
-
threat-model-creator
Threat Model Creator - Auto-activating skill for Security Advanced.
Triggers on: threat model creator, threat model creator
Part of the Security Advanced skill category.
majiayu000/claude-skill-registry 163
-
laravel-routing
Route configuration, route model binding, and authorization. Use when working with routes, route binding, URL patterns, or when user mentions routing, route model binding, conditional binding, route-level authorization.
majiayu000/claude-skill-registry 163
-
insecure-deserialization-checker
Insecure Deserialization Checker - Auto-activating skill for Security Fundamentals.
Triggers on: insecure deserialization checker, insecure deserialization checker
Part of the Security Fundamentals skill category.
majiayu000/claude-skill-registry 163
-
single-source-validator
ENFORCEMENT tool that detects when Skills automation is duplicated in agent definitions, lessons learned, or process docs. Prevents "single source of truth nightmare" by finding bash commands, step-by-step procedures, or process descriptions that replicate Skills. BLOCKING AUTHORITY - workflow cannot complete with violations.
majiayu000/claude-skill-registry 163
-
jwt-authentication
Implement secure JWT (JSON Web Token) authentication in Node.js applications with access/refresh tokens and role-based access control
majiayu000/claude-skill-registry 163
-
security/input-validation
Input Validation security skill
majiayu000/claude-skill-registry 163