
from devops-security-agent-skills18
Guidance and templates to implement FedRAMP/NIST 800-53 controls, continuous monitoring, and authorization artifacts for cloud services pursuing federal compliance.
Provides a detailed, prescriptive playbook for implementing FedRAMP and NIST 800-53 controls in a cloud service offering. It covers impact-level guidance (Low/Moderate/High), control-family summaries, System Security Plan (SSP) structure, POA&M templates, continuous monitoring (ConMon) procedures, and operational checklists that map technical controls to cloud tooling (audit logs, vulnerability scanning, configuration management). It also describes example YAML snippets and audit/check templates; note that the reviews below report no scripts directory in the published skill, so treat those templates as documentation to adapt rather than ready-to-run tooling.
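To make the control-to-tooling mapping concrete, here is an added example written for this listing; it is not the skill's own template and not code from the repository. It loads a constructed checklist (the Python form of what a YAML mapping would parse into), evaluates it against a constructed evidence dictionary of the kind a collector would produce from audit-log, scanner, and configuration APIs, and emits POA&M rows. The evidence field names and check entries are assumptions chosen for illustration; the 30/90/180-day completion windows are the FedRAMP ConMon remediation deadlines for High/Moderate/Low findings. Missing evidence is treated as a failed control, which is how an assessor will read it.

```python
"""Control-check runner that turns failed evidence checks into POA&M rows.

Added example for this listing; not the skill's own template. Evidence field
names and check entries are constructed for illustration.
"""
from datetime import date, timedelta

# FedRAMP ConMon remediation deadlines, in days from detection, by severity.
REMEDIATION_DAYS = {"High": 30, "Moderate": 90, "Low": 180}

# Constructed checklist: the shape a YAML control mapping would load into.
# Each entry ties one NIST 800-53 control to one evidence field and the
# condition that field must satisfy ("op" is applied as observed <op> expected).
CONTROL_CHECKS = [
    {"control": "AU-2", "field": "audit_log_all_regions", "op": "eq", "expected": True,
     "severity": "High", "weakness": "Audit logging is not enabled in every region"},
    {"control": "AU-11", "field": "log_retention_days", "op": "ge", "expected": 365,
     "severity": "Moderate", "weakness": "Audit log retention is below one year"},
    {"control": "RA-5", "field": "days_since_vuln_scan", "op": "le", "expected": 30,
     "severity": "Moderate", "weakness": "Authenticated vulnerability scan is older than 30 days"},
    {"control": "CM-6", "field": "storage_public_access_blocked", "op": "eq", "expected": True,
     "severity": "High", "weakness": "Object storage public-access block is not enforced"},
    {"control": "IA-2", "field": "console_mfa_coverage_pct", "op": "ge", "expected": 100,
     "severity": "High", "weakness": "Privileged console users exist without MFA"},
]

_OPS = {"eq": lambda a, b: a == b, "ge": lambda a, b: a >= b, "le": lambda a, b: a <= b}

# Constructed evidence, as a collector might assemble it from cloud APIs.
# console_mfa_coverage_pct is deliberately absent: no evidence was gathered.
SAMPLE_EVIDENCE = {
    "audit_log_all_regions": True,
    "log_retention_days": 90,
    "days_since_vuln_scan": 45,
    "storage_public_access_blocked": True,
}


def evaluate(evidence, checks=CONTROL_CHECKS):
    """Apply every check to the evidence. Absent evidence counts as a failure."""
    findings = []
    for check in checks:
        observed = evidence.get(check["field"])
        passed = observed is not None and _OPS[check["op"]](observed, check["expected"])
        findings.append({**check, "observed": observed, "passed": passed})
    return findings


def build_poam(findings, detected_on):
    """Convert failed findings into POA&M rows; detected_on is an ISO date string."""
    detected = date.fromisoformat(detected_on)
    failed = [f for f in findings if not f["passed"]]
    rows = []
    for n, f in enumerate(failed, start=1):
        due = detected + timedelta(days=REMEDIATION_DAYS[f["severity"]])
        rows.append({
            "poam_id": f"POAM-{n:03d}",
            "control": f["control"],
            "weakness": f["weakness"],
            "severity": f["severity"],
            "observed": f["observed"],
            "expected": f["expected"],
            "detected": detected.isoformat(),
            "scheduled_completion": due.isoformat(),
        })
    return rows


def overdue(rows, today):
    """Return the POA&M IDs whose scheduled completion date has passed on `today` (ISO string)."""
    now = date.fromisoformat(today)
    return [r["poam_id"] for r in rows if date.fromisoformat(r["scheduled_completion"]) < now]


if __name__ == "__main__":
    results = evaluate(SAMPLE_EVIDENCE)
    poam = build_poam(results, "2024-01-15")
    for row in poam:
        print(f'{row["poam_id"]} {row["control"]:6} {row["severity"]:8} due {row["scheduled_completion"]}  {row["weakness"]}')
    print("overdue on 2024-03-01:", overdue(poam, "2024-03-01"))
```

Run against the constructed evidence, AU-2 and CM-6 pass, AU-11 and RA-5 fail on thresholds, and IA-2 fails because no evidence was collected. In a real pipeline the evidence dict would be assembled by a scheduled collector and the POA&M rows diffed against the previous run, so that a finding keeps its original detection date and its deadline does not silently reset each cycle.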
Use this skill when preparing a cloud service for FedRAMP authorization, establishing continuous monitoring (ConMon), building an SSP, preparing evidence for a 3PAO assessment, or tracking remediation through a POA&M. It is appropriate for security engineers, compliance owners, and platform teams responsible for federal workloads.
Best used by agents supporting DevOps/security workflows (Copilot/Code-style agents, CLI-capable agents) and human operators familiar with cloud IAM, logging, and compliance evidence collection.
FedRAMP compliance guidance skill providing detailed NIST 800-53 control family references, SSP outline, POA&M templates, and continuous monitoring procedures. No scripts included — purely reference/knowledge content. Well-structured YAML documentation with practical checklists and implementation notes, but lacks actionable automation or tooling. Niche audience limited to US federal cloud service providers pursuing FedRAMP authorization.
Reference-only skill with no scripts. Clean from a security perspective — no shell injection risks, no credentials, no destructive commands, no network calls. Architecture is basic: monolithic SKILL.md with no scripts/ or references/ directories. Content is comprehensive and well-organized but the skill only provides guidance rather than automation. Usefulness is limited by niche audience (US federal cloud compliance).