
Run Semgrep-based security scans to detect vulnerabilities, secrets, and OWASP Top 10 issues, and produce a categorized report with remediation suggestions.
This skill runs Semgrep security scans against the current project to find known vulnerability patterns, leaked secrets, and common OWASP Top 10 issues. It outlines scanning workflows, recommends rule sets per language, and produces structured results suitable for triage and remediation.
Use when you need an automated code security check: before merges, during audits, or on-demand when a user asks for a vulnerability scan, secrets check, or OWASP-focused review. Useful in CI, local developer workflows, or interactive agent-driven audits.
Best for agents that can run shell commands and process JSON output (e.g., Claude Code / Codex / agents with shell access). The skill is language-agnostic and provides tailored rule recommendations for Python, JavaScript/TypeScript, and Go.
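One way to turn `semgrep --json` output into the categorized, triage-ready report the description promises, as an added example that is not part of the skill; the sample report, rule ids, paths and messages are constructed:

```python
"""Group Semgrep --json findings by severity and OWASP category for triage (added example)."""
import json
from collections import defaultdict

SEVERITY_ORDER = {"ERROR": 0, "WARNING": 1, "INFO": 2}  # severity values Semgrep emits in extra.severity

# Constructed sample in the shape of `semgrep --json` output; rule ids, paths and messages are illustrative.
SAMPLE_REPORT = json.loads("""{"results": [
 {"check_id": "example.python.subprocess-shell-true", "path": "app/run.py", "start": {"line": 12, "col": 5},
  "extra": {"severity": "ERROR", "message": "subprocess call with shell=True",
            "metadata": {"owasp": ["A03:2021 - Injection"], "cwe": ["CWE-78"]}}},
 {"check_id": "example.secrets.aws-access-key", "path": "config/settings.py", "start": {"line": 3, "col": 1},
  "extra": {"severity": "ERROR", "message": "hard-coded AWS access key",
            "metadata": {"owasp": "A02:2021 - Cryptographic Failures", "cwe": "CWE-798"}}},
 {"check_id": "example.js.express-xss", "path": "web/server.js", "start": {"line": 44, "col": 3},
  "extra": {"severity": "WARNING", "message": "unsanitized input written to response",
            "metadata": {"owasp": ["A03:2021 - Injection"], "cwe": ["CWE-79"]}}}
], "errors": []}""")

def _as_list(value):
    """Semgrep metadata fields such as owasp/cwe are a string in some rules and a list in others."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def categorize(report):
    """Map (severity, owasp_category) -> findings; a rule tagged with several OWASP categories
    is listed under each, and rules without an owasp tag go to 'Uncategorized'."""
    groups = defaultdict(list)
    for r in report.get("results", []):
        extra = r.get("extra", {})
        meta = extra.get("metadata") or {}
        for cat in _as_list(meta.get("owasp")) or ["Uncategorized"]:
            groups[(extra.get("severity", "INFO"), cat)].append({
                "rule": r["check_id"], "location": f"{r['path']}:{r['start']['line']}",
                "cwe": _as_list(meta.get("cwe")), "message": extra.get("message", "")})
    return dict(groups)

def render_markdown(groups):
    """Render one markdown table per (severity, category) group, worst severity first."""
    out = []
    for key in sorted(groups, key=lambda k: (SEVERITY_ORDER.get(k[0], 9), k[1])):
        out += [f"## {key[0]}: {key[1]} ({len(groups[key])})", "| Rule | Location | CWE | Message |", "|---|---|---|---|"]
        out += [f"| {f['rule']} | {f['location']} | {', '.join(f['cwe'])} | {f['message']} |" for f in groups[key]]
        out.append("")
    return "\n".join(out)

def fails_gate(groups, fail_on="ERROR"):
    """CI gate: True when any group is at or above the given severity (ERROR > WARNING > INFO)."""
    return any(SEVERITY_ORDER.get(sev, 9) <= SEVERITY_ORDER[fail_on] for sev, _ in groups)
```

Produce real input with `semgrep --config auto --json -o results.json` and pass the parsed file to `categorize`; `fails_gate` gives a merge-blocking exit decision for CI.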
A Semgrep-based code security scanning skill that provides CLI commands for running various Semgrep rule sets (auto, OWASP, language-specific, secrets detection). Written mostly in Chinese. No bundled scripts — the skill is purely instructional, telling the agent which semgrep commands to run. Security posture is clean with no suspicious patterns, but quality and architecture are limited: it's essentially a list of semgrep CLI invocations with minimal structure, no scripts/, no references/, and no output contracts.
Simple instructional skill wrapping the semgrep CLI. No executable scripts. Frontmatter has context:fork, which is appropriate. Lacks output contracts, error handling guidance, and a structured reporting format beyond markdown tables. The skill is functional but thin — mostly a semgrep cheat sheet rather than a fully operational skill.