Security
Security audits, vulnerabilities, compliance, auth, secrets, and safe automation
Browse security skills
Showing 1–24 of 3,621 skills
Full Crusader security-proxy integration for Claude Code. Hunt web/API vulnerabilities (IDOR/BOLA, auth, injection, SSRF/OOB, races) over Crusader's native MCP, confirm with oracles, and turn confirmed bugs into shareable self-proving crusader://poc/ links. Use when testing an app, reproducing a reported bug, or whenever the user mentions Crusader, a proxy hunt, or packaging a proof-of-concept.
Perform codebase analysis and architecture mapping as the first phase of a security assessment. Explores the tech stack, frameworks, entry points, data flows, and trust boundaries. Outputs sast/architecture.md. Run this before any vulnerability detection skill. Use when asked to analyze a codebase for security or when sast/architecture.md does not yet exist.
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization
'Detects and analyzes Bluetooth Low Energy (BLE) security attacks including
Detect and investigate Azure service principal abuse including privilege
'Detecting exposed AWS credentials in source code repositories, CI/CD
'This skill covers detecting cyber attacks targeting Supervisory Control
'Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition,
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN
Deploy a Software-Defined Perimeter using the CSA v2.0 specification
'Deploys and configures osquery for real-time endpoint monitoring using
'Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust
'Deploys deception-based honeytokens in Active Directory including fake
'Executes containment strategies to stop active adversary operations
'Configuring Zscaler Private Access (ZPA) to replace traditional VPN
Writes security user stories and security-aware acceptance criteria that fit a Scrum backlog, converting threats, scan findings, and compliance requirements into INVEST-compliant stories with Given/When/Then criteria and regression tests. Use this (not general story writing) whenever the story or criteria concern a security control, vulnerability, or compliance requirement. Triggers on: "write a security story", "security acceptance criteria", "acceptance criteria for rate limiting/auth/valid...
Use when the user wants to check, understand, or harden the security of their Mac, or asks whether their laptop is secure and what to fix. Runs a full macOS security audit, explains each finding in plain language (what it is, why it matters, what changing it would affect), and applies only the fixes the user approves. Also produces SOC 2 / ISO 27001 / NIST / CIS evidence on request. Triggers on phrases like "is my Mac secure", "audit my laptop", "harden my Mac", "what security gaps do I have"...
This skill should be used when the user asks to \"pentest WordPress sites\", \"scan WordPress for vulnerabilities\", \"enumerate WordPress users, themes, or plugins\", \"exploit WordPress vu...
This skill should be used when the user asks to \"escalate privileges on Windows,\" \"find Windows privesc vectors,\" \"enumerate Windows for privilege escalation,\" \"exploit Windows miscon...
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture r...
This skill should be used when the user asks to \"pentest SSH services\", \"enumerate SSH configurations\", \"brute force SSH credentials\", \"exploit SSH vulnerabilities\", \"perform SSH tu...
This skill should be used when the user asks to \"test for SQL injection vulnerabilities\", \"perform SQLi attacks\", \"bypass authentication using SQL injection\", \"extract database inform...