MCP App StoreMCP App Store
from awesome-omni-skills50
Generate an evidence-backed, repository-specific threat model that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and prioritized miti
This skill packages an upstream threat-model workflow so an operator can produce an AppSec-grade, repository-grounded threat model. It drives a focused analysis: scoping components and entrypoints, enumerating trust boundaries and assets, mapping realistic attacker capabilities, enumerating abuse paths, and producing prioritized mitigations tied to concrete files or locations in the repo. The output is a concise Markdown threat-model file that preserves provenance and references to the copied upstream artifacts.
Use this skill when you need a threat model that is specific to a codebase or path — for example, before a security review, PR, or release. Do NOT use it for general architecture summaries or generic security checklists. Use it when provenance matters and when the operator should preserve upstream workflow, support files, and evidence.
Inferred compatibility: codex-cli, claude-code, cursor, gemini-cli and other developer-oriented agent harnesses that can read repository files and run scripted prompts.
A repository-grounded threat modeling skill with no bundled scripts — purely instructional. The SKILL.md is well-structured with clear workflow steps, trigger conditions, and output contracts referencing prompt-template.md. No security concerns: no shell commands, credentials, or network calls. Lacks executable automation which limits practical out-of-box value.
Omni-skills curation wrapper around OpenAI's upstream security-threat-model skill. Provenance metadata (ORIGIN.md, metadata.json) is well-documented. Related skills section lists unrelated skills (ai-pricing, ai-sdr) which seems like filler.
Azure Identity SDK (TypeScript) v2
Authenticate to Azure services from TypeScript using DefaultAzureCredential, Managed Identity, service principals, and credential chains with provenance-preserv
Conductor Revert (Git-aware Revert Track)
Git-aware revert workflow for reverting tracks, phases, or tasks while preserving provenance and upstream workflow; includes safety checks and an execution plan
Context Restoration — Code Refactoring
Workflow and best practices for restoring and preserving project context during code refactoring, with provenance and selective file restoration.
HelpDesk Automation (Rube MCP)
Automate HelpDesk workflows via Rube MCP (Composio): list and paginate tickets, manage views, use canned responses, and inspect custom fields while preserving u
Azure Event Hubs (Rust) — Workflow
Run and review Azure Event Hubs workflows in Rust: send/receive events, batch sends, partitioned consumption and checkpointing with preserved provenance.
Azure.Messaging.EventGrid (.NET) v2
Workflow skill for Azure Event Grid (.NET): publish and consume EventGrid and CloudEvents, with examples for publishing, pull delivery, and Azure Functions trig
AgentPhone (Telephony)
Manage AgentPhone telephony workflows: create agents, buy/release numbers, make calls, send/receive SMS, configure webhooks, and inspect transcripts/usage.
Node.js Best Practices (v3)
Decision-focused Node.js guidance for framework choice, async patterns, security, testing, and architecture — teaches how to think about Node.js projects rather
Learning Opportunities
Adds short interactive learning exercises during AI-assisted coding to help developers understand design decisions and new code before merging.
PostgreSQL Table Design
Operational workflow for PostgreSQL schema design: data types, indexing, constraints, partitioning, RLS, and best-practice examples for safe migrations and scal
Reverse Engineer
Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for
Sandbox0 Integration
Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.
OpenTestAI
Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Minimal Run & Audit (repro reporting)
Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r
Skill Issue — Skill Auditor
Scan and audit installed agent skills to produce a health report covering inventory, usage, dependency checks, version status, and actionable recommendations.
GRC & Compliance (ServiceNow)
Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.
Azure External Attack Surface Management
Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform