Agent Skills

API Security Testing Workflow

antigravity-awesome-skills

Structured workflow for testing REST and GraphQL API security: authentication, authorization, input validation, rate limiting, and common API vulnerabilities.

QQ Bot Channel Access

claude-qq-channel

Manage QQ bot channel access: approve pairings, edit allowlists, and configure DM policy safely from a local terminal session.

AWN (Agent World Network)

agent-world-network

CLI and daemon for world-scoped P2P messaging between AI agents with Ed25519-signed messages and world membership management.

Terrashark

terrashark

Diagnose and fix Terraform/OpenTofu failure modes (identity churn, secret exposure, blast radius, CI drift, compliance gaps) and generate risk-controlled remedi

Code Review

openagentscontrol

Automated code review guidance focusing on security, correctness, and maintainability; used to validate changes before committing.

AWS IAM — Common Pitfalls

agent-toolkit-for-aws

Verified guidance on AWS IAM edge-cases, pitfalls, and gotchas for agents working with roles, policies, STS, Organizations, and SAML/MFA.

Threat Hunter

claude-skill-registry

Expert threat-hunting guidance to proactively search for IOCs, TTPs, and suspicious activity across SIEM and telemetry sources.

ETHSKILLS

cryptoskill

Comprehensive Ethereum (EVM) guidance for building, auditing, testing, and operating smart contracts, dApps, and onchain services.

Dependency Audit

claude-skill-registry

Run a zero-assumption audit of project dependencies: CVEs, maintenance, license risk, bundle cost, bus factor, and recommendations to remove or replace risky pa

Bybit Trading Skill

cryptoskill

Natural-language trading skill for Bybit: market data, spot and derivatives trading, account queries, and secure confirmation flows for Mainnet operations.

Scanner Skill — Decepticon

decepticon

High-volume codebase scanner that shards work, ranks suspicious locations, and promotes a concise set of candidates for deeper analysis.

UCP Identity Linking

agentic-commerce-skills-plugins

Implementation guidance for UCP identity linking using OAuth2 authorization code flow to link buyer accounts between platforms and merchants for personalized ch

BlueAgent x402

skills

A pay-per-use Security OS for autonomous agents on Base offering 31 tools for security, safety, research, data, and earning features.

ATXP — Agent Infrastructure & Paid Tools

openclaw-master-skills

Provides agents a funded identity (wallet, email) plus paid API tools: web search, image/video/music generation, SMS/voice, email, and an LLM gateway — useful w

Trivy Offline Vulnerability Scan

skilllearnbench

Run Trivy in offline mode to scan dependency files (package-lock.json, etc.) for HIGH/CRITICAL vulnerabilities and produce machine-readable JSON results.

1Password CLI

solana-clawd

Instructions and guardrails for installing and using the 1Password CLI (`op`) safely inside a managed tmux session, with recommended workflows to avoid leaking

MITRE ATT&CK T1098 — Account Manipulation

mitre-attack-agent-skills

Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi

MITRE ATT&CK — T1569.001 Launchctl

mitre-attack-agent-skills

Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.

ClawSec Scanner

clawsec

Automated, multi-engine vulnerability scanner for agent platforms that runs dependency scans, SAST, CVE enrichment and agent-specific DAST harnesses to surface

Correctless: Feature Specification (cspec)

correctless

Turn a feature idea into a structured, testable specification with configurable intensity, research, and STRIDE-backed invariants.

FireEye

application-skills

Integrate with FireEye via the Membrane CLI to discover alerts, events, hosts, malware details and run actions using pre-built connectors. Use when you need pro

Acunetix (Membrane) Integration

application-skills

Integrate and automate Acunetix vulnerability scans, targets, reports and scheduled scans via the Membrane CLI.

LiteLLM: Add API Key

litellm-skills

Create and provision API keys on a live LiteLLM proxy, specifying alias, scope, allowed models, budget and expiry.

Scammer.skill

scammer.skill

Detect likely scam messages, identify the scam stage, and predict the scammer's next move to help users defend themselves.

Aiken Smart Contract Development

claude-skill-registry

Expert guidance for writing, testing, and auditing Aiken smart contracts for Cardano, including validator patterns, testing practices, and off-chain MeshJS inte

AI Factory (aif)

ai-factory

Set up agent project context: analyze tech stack, install or generate skills, and configure MCP servers with mandatory security scanning for external skills.

API Relay Security Audit

api-relay-audit

An 11-step automated security audit for AI API relay/proxy services — detects prompt injection, context truncation, tool-call substitution, stream integrity iss

Cloak — .env Protection

cloak

Protects real .env secrets by replacing on-disk values with safe sandbox values and providing a secure vault and CLI for running processes with real secrets.

Semgrep Code Security Scanner

skillsemgrep

Run Semgrep-based security scans to detect vulnerabilities, secrets, and OWASP Top 10 issues, and produce a categorized report with remediation suggestions.

API Integration Patterns

autonomous-dev

Patterns and safe templates for calling external APIs and CLI tools: subprocess safety, retries, auth handling, and rate-limit management.