Manual compliance checks are slow and error-prone. This skill provides ready-to-use Rego policies for SOC2, PCI-DSS, GDPR, and HIPAA compliance that can be enforced automatically in CI/CD pipelines and Kubernetes admission controllers.

Learn to conduct authorized penetration tests using Metasploit Framework. This skill provides structured workflows for exploit development, vulnerability validation, and red team operations with proper authorization and compliance guidance.

Security professionals need documented guidance on using netcat for authorized penetration testing, port scanning, file transfers, and reverse shell establishment. This skill provides comprehensive workflows and command references for offensive security operations with explicit authorization requirements.

Conduct forensic investigations and threat hunting across enterprise endpoints. Use VQL queries to collect process artifacts, network connections, registry data, and event logs for incident analysis and compromise detection.

Manual review of Terraform, Kubernetes, and CloudFormation files misses critical misconfigurations. This skill integrates Checkov to automatically scan IaC for 750+ security policies, detecting encryption gaps, overly permissive access, and compliance violations before deployment.

This skill provides SQL-powered forensic investigation using osquery to query operating systems as databases. Use it to collect forensic evidence, hunt for threats, and respond to incidents across Linux, macOS, and Windows endpoints.

Security teams need vendor-agnostic detection rules that work across multiple SIEM platforms. This skill provides templates, workflows, and references for creating, validating, and converting Sigma rules to Splunk, Elastic, Sentinel, QRadar, and other platforms.

Web applications and APIs often contain security vulnerabilities that manual testing misses. This skill automates comprehensive security scanning using OWASP ZAP, detecting issues like XSS, SQL injection, and authentication flaws. Generate detailed reports mapped to OWASP Top 10 and CWE for compliance.

Automated vulnerability scanning identifies security issues in web applications and APIs. Nuclei uses 7000+ community templates to detect CVEs, misconfigurations, and OWASP Top 10 vulnerabilities quickly and accurately.

Identify hidden directories, files, and parameters in web applications that could expose vulnerabilities. Use this skill to perform comprehensive reconnaissance during authorized security testing with the high-performance ffuf fuzzer.

An AI skill for Claude, Codex, and Claude Code

Container images often contain security misconfigurations that create deployment risks. This skill integrates Hadolint to automatically validate Dockerfiles against CIS Docker Benchmark requirements, detecting issues like unpinned packages, root user usage, and hardcoded secrets before images are built.

Container images often contain known security vulnerabilities in operating system packages and application dependencies. This skill provides guided workflows for scanning images with Grype, interpreting CVSS scores, prioritizing based on CISA KEV indicators, and integrating security gates into CI/CD pipelines.

APIs often expose security vulnerabilities through misconfigured specifications. Spectral validates OpenAPI and AsyncAPI definitions against OWASP API Security Top 10, catching authentication flaws, authorization issues, and data exposure risks before deployment.

API security testing requires intercepting and analyzing HTTPS traffic. This skill provides guidance on using mitmproxy to inspect, modify, and replay API traffic for security testing. Perfect for penetration testers and developers who need to identify vulnerabilities in API implementations.

Network security professionals need to capture and analyze packet data for incident response and forensic investigations. TShark provides command-line packet analysis capabilities for traffic inspection, credential extraction, malware detection, and protocol analysis without requiring a GUI interface.

An AI skill for Claude, Codex, and Claude Code

UI/UX design projects often lack consistent standards and clear processes, leading to fragmented user experiences and accessibility gaps. This skill provides comprehensive operational procedures and checklists to streamline design workflows, ensure consistency, and maintain accessibility compliance across all projects.

Development teams often struggle with inconsistent test coverage and fragmented testing practices. This skill provides standardized guidelines for test design, mocking strategies, and quality metrics to ensure comprehensive and maintainable test suites.

Multi-agent projects often face coordination chaos. This skill provides clear role definitions, checklists, and templates so leader, implementer, and reviewer agents can collaborate efficiently without confusion.