Security Auditor

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.

vulnerability-scanner

Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.

Security Audit

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

vulnerability-scanner

Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.

security-reviewer

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.

vulnerability-scanner

Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.

Security Skill Scanner

Scans OpenClaw skills for security vulnerabilities and suspicious patterns before installation

vulnerability-scanner

Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.

Test Specialist

This skill should be used when writing test cases, fixing bugs, analyzing code for potential issues, or improving test coverage for JavaScript/TypeScript applications. Use this for unit tests, integration tests, end-to-end tests, debugging runtime errors, logic bugs, performance issues, security vulnerabilities, and systematic code analysis.

building-vulnerability-aging-and-sla-tracking

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

Secure Code Guardian

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.

building-vulnerability-scanning-workflow

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

Security Hardener

Audit and harden OpenClaw configuration for security. Scans openclaw.json for vulnerabilities, exposed credentials, insecure gateway settings, overly permiss...

building-vulnerability-dashboard-with-defectdojo

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

Go Security Vulnerability

Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.

exploiting-ms17-010-eternalblue-vulnerability

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

AgentAudit

Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or pack...

implementing-cloud-vulnerability-posture-management

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

Openclaw Security Guard

Security audit CLI + live dashboard for OpenClaw. Scans for secrets, config issues, prompt injections, vulnerable dependencies, and unverified MCP servers. Zero telemetry.

implementing-epss-score-for-vulnerability-prioritization

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apache 2.0

Agent Skills Tools

Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when you need to audit skills for security before installation, validate skill packages against Agent Skills standards, or ensure your skills follow best practices.

BYOCB ArbInjectionSkill

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.

Hefestoai Auditor

Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leav...

Tech Security Audit

Performs local network scans using Nmap to detect vulnerabilities, identify service versions, and fingerprint operating systems.

OSV Scanner

Scans Node.js/NPM and Linux packages for known vulnerabilities using the Google OSV API by analyzing dependencies and reporting related CVEs.

dep-audit

Audit project dependencies for known vulnerabilities (CVEs). Supports npm, pip, Cargo, and Go. Zero API keys required. Safe-by-default: report-only mode, fix...

Cybersecurity Risk Assessment

Conduct cybersecurity risk assessments by identifying assets, modeling threats, scoring vulnerabilities, mapping compliance, and creating incident response a...

Node.js Security Audit

Audit Node.js HTTP servers and web apps for security vulnerabilities. Checks OWASP Top 10, CORS, auth bypass, XSS, path traversal, hardcoded secrets, missing...

Web Vulnerability Assessment

Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing w...

web-recon

Website vulnerability scanner and security audit toolkit. Scan any website for security issues: open ports (nmap), exposed secrets, subdomain enumeration, di...

Bug Audit

Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review o...

Cyber Kev Triage

Prioritize vulnerability remediation using KEV-style exploitation context plus asset criticality. Use for CVE triage, patch order decisions, and remediation...

isnad-scan

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat p...

Ctf Pwn

Provides binary exploitation (pwn) techniques for CTF challenges. Use when exploiting buffer overflows, format strings, heap vulnerabilities (House of Orange...

OpenClaw Vulnerability Checker

OpenClaw 安全漏洞检查与配置审计工具。用于检测当前 OpenClaw 版本存在的已知安全漏洞、公网访问安全风险，对比当前版本与最新版本的差异，获取漏洞详情、风险评估、配置审计和升级建议。使用场景：(1) 用户询问"检查一下我的 OpenClaw 版本有什么安全漏洞"，(2) 用户说"检查 OpenClaw...

Security Audit Tianjin

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

Pentest Workbench

Comprehensive offensive security workflow for bug bounty, vulnerability assessment, penetration testing, and exploitation. Use when performing security testi...

ai-prompt-engineering-safety-review

Comprehensive AI prompt engineering safety review and improvement prompt. Analyzes prompts for safety, bias, security vulnerabilities, and effectiveness whil...

Bug Reaper

Web2 bug bounty hunting agent — evidence-based vulnerability finder and report writer. Use when: auditing web apps/APIs for HackerOne, Bugcrowd, Intigriti, Y...

skill-security-auditor

Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a s...

Golang Dependency Management

Dependency management strategies for Golang projects — go.mod management, installing/upgrading packages, Minimal Version Selection, vulnerability scanning, o...

Snyk Skill Scanner

Scan installed agent components (MCP servers, skills, agent tools) for security vulnerabilities using snyk-agent-scan. Use only when running uvx snyk-agent-s...

Sphinx — Adopt a Sphinx. Cat. 斯芬克斯猫。Gato Esfinge.

Adopt a virtual Sphinx cat at animalhouse.ai. Vulnerable without fur. Needs warmth. Bonds deeply. Feeding every 4 hours. Uncommon tier cat.

Neckr0ik Security Scanner

Security audit tool for OpenClaw skills. Scans skill directories for common vulnerabilities including hardcoded secrets, unsafe shell commands, prompt inject...

Code Quality Guardian

代码质量检测器 - 检测代码异味、复杂度、安全漏洞、风格规范等 | Code Quality Guardian - Detect code smells, complexity, security vulnerabilities and style issues

Dep Vuln Scanner

Scan project dependencies for known security vulnerabilities using the OSV.dev API. Supports npm (package.json), Python/pip (requirements.txt), and Go (go.mo...

penetration-tester

Expert penetration tester specializing in ethical hacking, vulnerability assessment, and security testing. Masters offensive security techniques, exploit dev...

AgentWyre

Get AI ecosystem intelligence from AgentWyre. Use when you need to check for breaking changes, security vulnerabilities, new model releases, or pricing updat...