MCP App StoreMCP App Store
from claude-skill-registry417
Detect unsafe OS command execution patterns (system/popen/exec) and trace user-controlled input to identify command injection risks.
This skill helps an analyst or automated code-review agent identify instances of OS command injection by locating calls to system-level execution APIs (e.g., system(), popen(), execve(), ShellExecute()) and tracing their inputs back to potential user-controlled sources. It guides triage by checking sanitization, argument separation, and exploitability, and produces a structured report with severity and mitigation guidance.
Use this skill during security code reviews, CI security scans, or manual investigations when you suspect command execution paths may accept untrusted input. It's useful for repositories with native bindings, CLI helpers, or any code invoking shell/OS commands.
Best suited for code-analysis and security-focused agents (e.g., Claude Code, static-analysis assistants, CI-integrated linters).
This skill has not been reviewed by our automated audit pipeline yet.
Uloop: Execute Dynamic Code
Run small C# snippets in the Unity Editor via the uloop CLI for editor automation tasks like prefab wiring, AddComponent flows, and scene edits—without writing
Bookmarklet Creation
Generates browser-executable JavaScript bookmarklets with strict formatting (IIFE wrapper, block comments) and provides ready-to-install links or installer inst
Overnight — Autonomous Long-Running Coding
Orchestrates long-running coding goals: decomposes objectives into atomic tasks, dispatches isolated worktree workers, verifies acceptance criteria, and merges
Bexio API (Swiss CRM & Invoicing)
Integrate and manage Bexio contacts, quotes, invoices, orders and products via the Bexio API. Useful for CRM and Swiss business document workflows.
Content Research Writer
A writing-partner skill that helps research, outline, draft, cite, and iteratively improve articles, tutorials, and thought pieces.
Agent Hierarchy Diagram
Generate visual hierarchy diagrams (ASCII, Mermaid, GraphML) that show agent roles, levels, and delegation for documentation and onboarding.
Review Pull Request
Automated, structured PR reviewer: gathers metadata, diffs, CI results, dependency changes and provides a concise verdict with testing and documentation recomme
Agent Ops — Testing Workflow
Guidance for designing, running, and analyzing test suites for agents: test isolation, execution patterns, and coverage-based enforcement.
libagent
Agent orchestration library for conversational AI — coordinates LLM completions, memory, tool execution, and multi-turn flows; useful for building chat agents a
Raindrop.io API
Manage Raindrop.io bookmarks, collections, tags and highlights via the Raindrop REST API with helper scripts and examples.
Reverse Engineer
Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for
Run Execute
Orchestrates execution of work items across modes (autopilot, confirm, validate) with scripted init/complete tooling, plan/test/report artifacts and strict gati
Sandbox0 Integration
Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Codex Collab
Bridge Claude and Codex to run tasks, perform code reviews, and run background jobs for research or implementation workflows.
Code Spec Backfill
Identify missing function-level contracts and backfill docstrings and type annotations; report ambiguous gaps with misuse scenarios. Incremental, state-driven w
Azure External Attack Surface Management
Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform
Node.js Best Practices
Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.