Agent skills
Skills you can use with AI coding agents, indexed from public GitHub repositories.
-
prediction-tracking
Track and evaluate AI predictions over time to assess accuracy. Use when reviewing past predictions to determine if they came true, failed, or remain uncertain.
majiayu000/claude-skill-registry 163
-
api-security
API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.
majiayu000/claude-skill-registry 163
-
vulnerability-analysis
Identify vulnerability class, analyze root cause, and plan exploitation strategy.
majiayu000/claude-skill-registry 163
-
security-audit-logging
Implement comprehensive security audit logging for compliance, forensics, and SIEM integration. Use when building audit trails, compliance logging, or security monitoring systems.
majiayu000/claude-skill-registry 163
-
authentication-authorization-clerk
Implement secure authentication and authorization using Clerk. Use this skill when you need to authenticate users, protect routes, check permissions, implement subscription-based access control, or integrate Clerk with your application. Triggers include "authentication", "auth", "authorization", "Clerk", "protect route", "check user", "sign in", "session", "permissions", "subscription access".
majiayu000/claude-skill-registry 163
-
ios-security
iOSアプリのセキュリティレビュー。OWASP Mobile Top 10、App Transport Security、Keychain使用をチェック。Use when: セキュリティ、脆弱性、認証、Keychain、ATS を依頼された時。
majiayu000/claude-skill-registry 163
-
prefab-dev
Use this skill when developing Go applications with the Prefab server framework.
This includes creating servers, adding gRPC/HTTP handlers, configuring authentication
and authorization, setting up SSE streams, managing configuration, creating custom
plugins, and following Prefab error handling and security patterns.
majiayu000/claude-skill-registry 163
-
security-auditor
Performs comprehensive security audits of KrakenD configurations to identify vulnerabilities, authentication gaps, and security best practices violations with Flexible Configuration support
majiayu000/claude-skill-registry 163
-
cfn-agent-lifecycle
Unified agent management from selection through completion - spawning, execution, output processing. Use when selecting agents for tasks, spawning agents with dependency validation, processing agent outputs, or tracking agent lifecycle events with audit trails.
majiayu000/claude-skill-registry 163
-
security/terminal
Terminal Security security skill
majiayu000/claude-skill-registry 163
-
security-header-generator
Generates security HTTP headers (CSP, HSTS, CORS, etc.) for web applications to prevent common attacks. Use when user asks to "add security headers", "setup CSP", "configure CORS", "secure headers", or "HSTS setup".
majiayu000/claude-skill-registry 163
-
dependency-audit-assistant
Reviews package dependencies for security vulnerabilities, outdated versions, and license compliance. Use when user asks about dependencies, security audits, or before releases.
majiayu000/claude-skill-registry 163
-
Broken Authentication Testing
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
majiayu000/claude-skill-registry 163
-
secops-engineer
Senior Security Engineer with 12+ years application security experience. Use when implementing authentication/authorization, configuring JWT/OAuth2, conducting security reviews, implementing rate limiting, ensuring GDPR compliance, or performing security scanning.
majiayu000/claude-skill-registry 163
-
moai-domain-security
OWASP Top 10, SAST/DAST, dependency security, and secrets management.
majiayu000/claude-skill-registry 163
-
audit-security
Quick security audit checking for hardcoded secrets, SSRF vectors, injection points, dependency issues, and missing security headers
majiayu000/claude-skill-registry 163
-
Reviewing Authentication and Authorization Security
Use when reviewing authentication or authorization code. Provides comprehensive security guidance on JWT validation, token exchange, OAuth 2.0/2.1 compliance, PKCE, Resource Indicators, MCP authorization, session management, and API authentication. Covers critical vulnerabilities including token forwarding, audience validation, algorithm confusion, confused deputy attacks, and authentication bypass. Invoke when analyzing any authentication, authorization, or access control code changes.
majiayu000/claude-skill-registry 163
-
axiom-audit
Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.
majiayu000/claude-skill-registry 163
-
security-design
Design security controls and threat mitigations. Use for features involving auth, data, or external exposure.
majiayu000/claude-skill-registry 163
-
break-filter-js-from-html
Guidance for bypassing HTML/JavaScript sanitization filters in security testing contexts. This skill should be used when tasked with finding XSS filter bypasses, testing HTML sanitizers, or exploiting parser differentials between server-side filters and browsers. Applies to CTF challenges, authorized penetration testing, and security research involving HTML injection and JavaScript execution through sanitization bypasses.
majiayu000/claude-skill-registry 163
-
cookie-security-analyzer
Cookie Security Analyzer - Auto-activating skill for Security Fundamentals.
Triggers on: cookie security analyzer, cookie security analyzer
Part of the Security Fundamentals skill category.
majiayu000/claude-skill-registry 163
-
rn-security-audit
Security audit skill for React Native applications. Use when reviewing code for vulnerabilities, detecting leaked secrets (API keys, tokens, credentials), identifying exposed personal data (PII), checking insecure storage, validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices (OWASP MASVS). Covers both JavaScript/TypeScript and native iOS/Android code.
majiayu000/claude-skill-registry 163
-
security-design
Design security controls and threat mitigations. Use for features involving auth, data, or external exposure.
majiayu000/claude-skill-registry 163
-
slack-auth-security
OAuth flows, token management, and security best practices for Slack apps. Use when implementing app distribution, multi-workspace installations, token storage and rotation, managing scopes and permissions, or securing production Slack applications.
majiayu000/claude-skill-registry 163