Agent skills

Skills you can use with AI coding agents, indexed from public GitHub repositories.

Latest Most Popular

security-symfony Sicherheit & DSGVO - Atoll Tourisme. Use when reviewing security, implementing auth, or hardening code.
majiayu000/claude-skill-registry 163
.claude/skills/file-watcher-security/SKILL.md ファイル監視システムのセキュリティ対策とプロダクション環境での安全な運用パターン。最小権限の原則、Defense in Depth、Fail-Safe Defaultsに基づく多層防御設計を提供。専門分野: 📖 参照書籍: - 『Web Application Security』（Andrew Hoffman）: 脅威モデリング 📚 リソース参照: - `resources/Level1_basics.md`: レベル1の基礎ガイド - `resources/Level2_intermediate.md`: レベル2の実務ガイド - `resources/Level3_advanced.md`: レベル3の応用ガイド - `resources/Level4_expert.md`: レベル4の専門ガイド - `resources/legacy-skill.md`: 旧SKILL.mdの全文 - `resources/threat-model.md`: threat-model の詳細ガイド - `scripts/log_usage.mjs`: 使用記録・自動評価スクリプト - `scripts/security-audit.sh`: セキュリティを監査するスクリプト - `scripts/validate-skill.mjs`: スキル構造検証スクリプト - `templates/secure-watcher.ts`: secure-watcher のテンプレート - `resources/requirements-index.md`: 要求仕様の索引（docs/00-requirements と同期） Use proactively when handling file watcher security tasks.
majiayu000/claude-skill-registry 163
moai-alfred-code-reviewer Enterprise systematic code review orchestrator with TRUST 5 principles, multi-language support, Context7 integration, AI-powered quality checks, SOLID principle validation, security vulnerability detection, and maintainability analysis across 25+ programming languages; activates for code reviews, quality standard validation, TRUST 5 enforcement, architectural audits, and automated review automation
majiayu000/claude-skill-registry 163
testing-apis Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate limiting issues. Use when pentesting APIs or testing microservices security.
majiayu000/claude-skill-registry 163
Dependency Health Security-first dependency management methodology with batch remediation, policy-driven compliance, and automated enforcement. Use when security vulnerabilities exist in dependencies, dependency freshness low (outdated packages), license compliance needed, or systematic dependency management lacking. Provides security-first prioritization (critical vulnerabilities immediately, high within week, medium within month), batch remediation strategy (group compatible updates, test together, single PR), policy-driven compliance framework (security policies, freshness policies, license policies), and automation tools for vulnerability scanning, update detection, and compliance checking. Validated in meta-cc with 6x speedup (9 hours manual to 1.5 hours systematic), 3 iterations, 88% transferability across package managers (concepts universal, tools vary by ecosystem).
majiayu000/claude-skill-registry 163
greg-isenberg Talk to Greg Isenberg about their expertise. Greg Isenberg provides authentic advice using their mental models, core beliefs, and real-world examples.
majiayu000/claude-skill-registry 163
generate-report-header Create standardized report headers with metadata for all agent-generated reports. Use when generating bug reports, security audits, dependency reports, or any worker output requiring consistent formatting.
majiayu000/claude-skill-registry 163
csp-header-generator Generate Content Security Policy (CSP) header configurations for web security. Triggers on "create csp header", "generate content security policy", "csp config", "security headers".
majiayu000/claude-skill-registry 163
security-express Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples: - user: "Secure my Express app" → add Helmet.js and disable x-powered-by - user: "Check Express CORS config" → verify origin allowlists and credentials - user: "Review Express auth middleware" → check route order and coverage - user: "Scan for Express path traversal" → verify path normalization and validation - user: "Audit Express session config" → check secure, httpOnly, and sameSite flags
majiayu000/claude-skill-registry 163
content-security-policy-generator Content Security Policy Generator - Auto-activating skill for Security Fundamentals. Triggers on: content security policy generator, content security policy generator Part of the Security Fundamentals skill category.
majiayu000/claude-skill-registry 163
Vulnerability Detection Systematic approach to identifying security vulnerabilities in code, dependencies, and infrastructure
majiayu000/claude-skill-registry 163
vulnerability-assessor Assess identified vulnerabilities for exploitability, impact, and risk. Provide CVSS scoring and remediation strategies. Use when analyzing security findings.
majiayu000/claude-skill-registry 163
ffp-code-review Review code changes for FFP project standards including multi-tenant security, British English, architecture patterns, and SOLID principles. Use when reviewing PRs, checking branch changes, or auditing code quality.
majiayu000/claude-skill-registry 163
qa-scenario-authoring Create well-formed quality attribute scenarios with measurable response criteria
majiayu000/claude-skill-registry 163
security-audit-checklist Provides exhaustive security vulnerability checklists with severity classifications, point deductions, and detection commands. Use when performing security audits, code reviews, penetration testing preparation, or checking OWASP compliance.
majiayu000/claude-skill-registry 163
analysis-tshark Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.
majiayu000/claude-skill-registry 163
ui-design-a11y 无障碍设计审查与修复能力。
majiayu000/claude-skill-registry 163
security-guardian Expert en sécurité applicative pour détecter les vulnérabilités, auditer le code, et guider les bonnes pratiques de sécurité. OWASP Top 10, authentification, autorisation, cryptographie, gestion de secrets. Utiliser pour audits sécurité, reviews de code sensible, conception de features sécurisées, ou résolution de failles.
majiayu000/claude-skill-registry 163
mcp-security Multi-agent and MCP pipeline security with 5-layer defense architecture. Use when building MCP servers, multi-agent systems, or any pipeline that handles user input to prevent prompt injection and ensure proper authorization.
majiayu000/claude-skill-registry 163
terraform-audit Audits Terraform code for anti-patterns, security issues, and best practice violations. Use when asked to audit, review, or check terraform code quality. Generates a comprehensive report under reports/YYYY-MM-DD/terraform-audit.md. (project)
majiayu000/claude-skill-registry 163
shopify-api Complete API integration guide for Shopify including GraphQL Admin API, REST Admin API, Storefront API, Ajax API, OAuth authentication, rate limiting, and webhooks. Use when making API calls to Shopify, authenticating apps, fetching product/order/customer data programmatically, implementing cart operations, handling webhooks, or working with API version 2025-10. Requires fetch or axios for JavaScript implementations.
majiayu000/claude-skill-registry 163
axiom-audit Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.
majiayu000/claude-skill-registry 163
dialogue-refiner Analyzes and refines dialogue for authentic character voices, natural flow, subtext, and emotional impact. Use this to elevate conversations from functional to compelling.
majiayu000/claude-skill-registry 163
authentication-patterns Authentication patterns for external services: API keys, OAuth, token management, verification. Triggers: authentication, API keys, OAuth, token management, credentials Use when: integrating external services or implementing authentication flows
majiayu000/claude-skill-registry 163