MCP App StoreMCP App Store
from prodsec-skills40
Identifies error-prone APIs and 'footgun' designs that lead developers toward insecure configurations and implementation mistakes.
This skill implements a 'pit of success' analysis to evaluate whether APIs and configurations are resistant to developer misuse. It identifies 'sharp edges'—design choices where the most intuitive or easiest path leads to a security vulnerability.
Use this skill during API design reviews, auditing configuration schemas, evaluating cryptographic library ergonomics, or when assessing whether a system is 'secure by default'.
Ideal for security-focused coding agents, AI architects, and PR review bots in environments like Claude Code, Cursor, or custom security-agent harnesses.
This skill has not been reviewed by our automated audit pipeline yet.
ACP Checkout — MCP Binding
Guidance to expose ACP checkout REST operations as MCP tools so agents can perform commerce flows (create/update/complete/cancel checkout).
Code Audit
Perform professional code security audits across 9 languages with configurable quick/standard/deep modes and Docker-backed verification.
API and Interface Design
Guides design of stable, predictable APIs and interfaces — contract-first patterns, error semantics, pagination, and naming conventions for robust integrations.
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
STRIDE Analysis Patterns
Apply the STRIDE threat-modeling methodology to systematically identify and document security threats during design, reviews, or audits.
Semgrep Code Security Scanner
Run Semgrep-based security scans to detect vulnerabilities, secrets, and OWASP Top 10 issues, and produce a categorized report with remediation suggestions.
Security Threat Model (Repository-grounded)
Generate an evidence-backed, repository-specific threat model that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and prioritized miti
Secure Code Guardian
Provides concrete guidance and code examples to implement authentication, authorization, input validation, and other defenses against OWASP Top 10 vulnerabiliti