120 skills
🛡️

sast-configuration

Safe 69

Configure SAST tools for secure code scanning

by wshobson

You need consistent SAST tool setup across your projects. This skill provides guidance for configuring Semgrep, SonarQube, and CodeQL with custom rules and CI integration.

Claude Codex Code(CC)
🔒

pci-compliance

Safe 71

Implement PCI DSS Compliance

by wshobson

This skill provides guidance on implementing PCI DSS requirements for secure payment processing. It covers encryption, tokenization, access controls, and audit logging to help achieve and maintain payment card industry compliance.

Claude Codex Code(CC)
🔐

mtls-configuration

Safe 71

Configure mTLS for zero-trust networking

by wshobson

Secure service-to-service communication with mutual TLS authentication. This skill provides ready-to-use templates for Istio, Linkerd, SPIFFE, and cert-manager to implement zero-trust security in Kubernetes environments.

Claude Codex Code(CC)
🔐

k8s-security-policies

Safe 74

Implement Kubernetes Security Policies and RBAC Controls

by wshobson

Kubernetes clusters need proper security policies to protect against unauthorized access and network attacks. This skill provides ready-to-use templates for NetworkPolicy, RBAC, and Pod Security Standards.

Claude Codex Code(CC)
🛡️

bash-defensive-patterns

Safe 69

Build safer Bash scripts

by wshobson

Write Bash scripts that fail safely and are easier to debug. This skill provides defensive patterns for errors, inputs, and cleanup.

Claude Codex Code(CC)
🔐

auth-implementation-patterns

Safe 69

Implement secure authentication patterns

by wshobson

You need clear guidance for secure authentication and authorization choices. This skill provides proven patterns and examples you can adapt quickly for JWT, OAuth2, and session management.

Claude Codex Code(CC)
🌳

attack-tree-construction

Safe 69

Build attack trees for security planning

by wshobson

Threat paths are hard to map and explain. This skill provides structured attack tree templates and analysis guidance for clearer risk communication and defense planning.

Claude Codex Code(CC)

verification-before-completion

Safe 70

Verify before claiming completion

by obra

AI agents often claim work is complete without actual verification. This skill enforces evidence-based completion claims by requiring verification command output before any success assertions. It prevents false completion reports and builds trust through proof.

Claude Codex Code(CC)
🐛

find-bugs

Safe 69

Find Bugs and Security Vulnerabilities

by getsentry

Identify code issues in your changes. This skill systematically reviews branch changes for bugs, security vulnerabilities, and code quality problems using a structured approach.

Claude Codex Code(CC)
🛡️

defense-in-depth

Safe 71

Apply Defense-in-Depth Validation

by DYAI2025

Invalid data can bypass single validation checks through different code paths, refactoring, or mocks. Apply validation at every layer data passes through to make bugs structurally impossible.

Claude Codex Code(CC)
🛡️

dependency-security

Safe 71

Scan dependencies for vulnerabilities and generate SBOM

by Doyajin174

Dependency vulnerabilities are a leading cause of security breaches in modern applications. This skill provides clear guidance for scanning npm packages, generating Software Bill of Materials documents, and implementing supply chain security practices.

Claude Codex Code(CC)
🔒

when-setting-network-security-use-network-security-setup

Low Risk 68

Configure sandbox network security

by DNYoussef

Claude Code sandbox needs secure network configuration to prevent unauthorized access while allowing trusted domains. This skill provides step-by-step guidance for configuring firewall rules, trusted domains, and access policies.

Claude Codex Code(CC)
🛡️

when-configuring-sandbox-security-use-sandbox-configurator

Low Risk 66

Configure sandbox security settings

by DNYoussef

Claude Code sandbox environments need proper security boundaries to prevent unauthorized access. This skill provides step-by-step guidance to configure file system isolation, network restrictions, and resource limits for secure code execution.

Claude Codex Code(CC)
🔒

when-auditing-security-use-security-analyzer

Safe 69

Run comprehensive security audits with multi-agent coordination

by DNYoussef

Security vulnerabilities often go undetected until it is too late. This skill performs automated security auditing across 5 vectors to identify SQL injection, XSS, path traversal, and other vulnerabilities before attackers do.

Claude Codex Code(CC)
🔍

theater-detection-audit

Safe 71

Detect placeholder code and mocks in codebases

by DNYoussef

Codebases often contain placeholder code, mock data, and stub implementations that appear functional but are not production-ready. This skill systematically identifies all instances of theater and provides a workflow to replace them with production-quality code.

Claude Codex Code(CC)
🔒

sandbox-configurator

Safe 70

Configure sandbox security boundaries

by DNYoussef

Claude Code sandbox configuration is complex and security trade-offs are unclear. This skill provides a specialist agent that analyzes your development needs and generates appropriate sandbox configurations with four security levels from maximum isolation to development mode.

Claude Codex Code(CC)
🔒

network-security-setup

Safe 69

Configure Zero-Trust Network Isolation for Claude Code

by DNYoussef

Protect your AI coding environment from prompt injection attacks and data exfiltration. Configure trusted domain whitelists, proxy settings, and secure environment variable handling for safe development.

Claude Codex Code(CC)
📦

constitution-guardian

Safe 70

Enforce Constitution Compliance in DevFlow Documents

by Dimon94

Prevent non-compliant content from being saved to project documentation. This guardrail enforces CC-DevFlow Constitution rules by detecting partial implementations and hardcoded secrets in real-time during file editing.

Claude Codex Code(CC)
📦

ubs

Low Risk 68

Scan Code for Bugs Before Every Commit

by Dicklesworthstone

AI agents write code fast but can introduce bugs like null pointer errors, missing await statements, and security vulnerabilities. UBS provides pre-commit static analysis across 8 languages to catch these issues in seconds before they reach production.

Claude Codex Code(CC)
🛡️

slb

Safe 68

Add safety gates for destructive commands

by Dicklesworthstone

AI agents can accidentally run destructive commands that cause irreversible damage. This skill integrates the Simultaneous Launch Button tool to implement a two-person rule, requiring peer approval before executing risky commands like rm, git push --force, or DROP TABLE.

Claude Codex Code(CC)