MCP App StoreMCP App Store
from OStack SaaS105
Comprehensive security audit agent that performs OWASP Top 10 analysis, STRIDE threat modeling, and attack surface mapping.
This skill transforms the agent into a high-seniority Chief Security Officer. It conducts a read-only security audit of a codebase, identifying vulnerabilities without modifying code. It focuses on finding actual 'unlocked doors' rather than performing security theater.
Invoke this skill for full codebase security audits, specific reviews of branch changes (--diff), or focused audits on domains like authentication or supply-chain risk. It is specifically designed to identify OWASP Top 10 vulnerabilities and perform STRIDE threat modeling.
Specifically optimized for Claude Code and the ostack environment.
This skill has not been reviewed by our automated audit pipeline yet.
Post-Deploy Canary Monitor
Automated production monitoring that uses visual snapshots and performance metrics to detect regressions immediately after deployment.
Benchmark (Performance Regression Detection)
Automated performance benchmarking and regression detection: captures baselines, measures Core Web Vitals, and compares metrics across PRs to flag regressions.
/setup-deploy — Deployment Configuration
Detect and configure deployment platform and health checks for a project (Fly, Render, Vercel, Netlify, Heroku, custom) and persist settings to CLAUDE.md for au
Code Audit
Perform professional code security audits across 9 languages with configurable quick/standard/deep modes and Docker-backed verification.
Input Validation Checker
Automated guidance and code patterns for implementing robust input validation and secure-coding practices (OWASP-aligned).
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
STRIDE Analysis Patterns
Apply the STRIDE threat-modeling methodology to systematically identify and document security threats during design, reviews, or audits.
Security Headers Generator
Auto-activating skill that generates and validates security HTTP headers and provides guidance for implementing secure header configurations.
Command Injection Methodology
Comprehensive methodology for detecting, exploiting, and bypassing OS command injection, including blind extraction and output-filtering workarounds.
ksubdomain Subdomain Brute
High-speed, stateless subdomain brute-force and verification using ksubdomain; optimized for large-scale discovery and validation where raw-socket performance a
Semgrep Code Security Scanner
Run Semgrep-based security scans to detect vulnerabilities, secrets, and OWASP Top 10 issues, and produce a categorized report with remediation suggestions.