SKILL.md packages that extend Claude Code, Cursor, Copilot, and other AI agents.
Tags

marketplace
Static pre-install security and provenance scanner for SKILL.md packages and marketplace listings.

claude-skill-registry
Detect unsafe OS command execution patterns (system/popen/exec) and trace user-controlled input to identify command injection risks.

TerminalSkills Skills Library
Run a private certificate authority to issue and manage internal TLS certificates and mTLS.

superagent-ai
Audit a GitHub repository's security posture and produce a ranked, actionable hardening checklist.

xalgorix
Offensive/blue-team skill for authorized pentests: enumerates FreeIPA/LDAP/Kerberos environments, finds HBAC/sudo misconfigurations, reuses CCACHE/keytabs and m

agentic-security
Pre-write privacy review that classifies PII/PHI/PCI, traces where data flows, and generates a DATA_FLOW.md record before code that touches sensitive fields is

correctless
Goal-directed red team assessment skill for live systems with source-code access; enforces isolation and intensity gating before active testing.

openclaw-skills-security
Audit an OpenClaw installation and generate a prioritized, ready-to-apply hardening plan for AGENTS.md, gateway, sandbox, and permissions.

agent-skills-library
A comprehensive workflow bundle for designing, building, and operating LLM applications, RAG systems, AI agents, and ML pipelines.

skills-for-antigravity
Performs high-value code reviews focused on correctness, security, and developer growth; prioritises substantive issues over bikeshedding and uses repo referenc

xalgorix
Create, deploy, and monitor Thinkst Canary Tokens (web, DNS, document, AWS key) to detect lateral movement and credential misuse.

antigravity-awesome-skills
Client library usage guide for Azure Key Vault Certificates in Rust — create, import, manage, and list certificates.

agentguard
Guidelines and best practices for modern PHP (8.4–8.5): typing, security, architecture, testing, and performance for writing and reviewing PHP code.

vigilo
Audit-oriented patterns and mitigations for ERC4626 tokenized vaults: share/asset conversions, inflation (first-depositor) defenses, rounding rules, donation at

litellm-skills
Remove one or more API keys or key aliases from a LiteLLM proxy after confirming with the user; calls POST /key/delete and returns the deleted_keys list.

TerminalSkills Skills Library
Automate penetration testing workflows by orchestrating security tools (nmap, subfinder, nuclei, sqlmap) with AI agents to find, prove, and report web applicati

prodsec-skills
Analyzes, filters, and aggregates SARIF files from static analysis tools like CodeQL and Semgrep.

zxc123aa
Detects the real backend origin of Claude Code proxy services.

wizards-of-the-ghosts
Implement defensive area-denial mechanisms like rate limiting, tarpits, and honeypots to deter unwanted traffic.

claude-code-python-stack
Implements industry-standard Docker and Docker Compose patterns for Python, Django, and FastAPI projects, focusing on multi-stage builds and security.

Python Refactoring Skills
Detect and fix security vulnerabilities in Python code, including SQL injection, hardcoded secrets, and weak cryptography using Bandit and Ruff.

Keygraph Shannon
Autonomous AI-driven pentesting tool for web apps and APIs. Performs real exploits to prove vulnerabilities with high success rates.

claude-skills
A comprehensive set of architectural standards and anti-patterns for Python APIs, DevOps, and embedded systems to ensure scalability and security.

vibe-security-skill
Audits AI-generated codebases for critical security flaws like exposed keys, broken RLS, and insecure payment flows.

agentguard
Expert guidance on Go 1.25 practices, covering concurrency, error handling, generics, and security hardening.

bn
Perform advanced reverse engineering tasks using the local bn CLI against an open Binary Ninja session.

rune
Automates database migrations with safety checks, breaking change detection, and SQL injection scanning for multiple ORMs.

hardstop
A safety layer that blocks dangerous shell commands and warns on risky system operations to prevent accidental damage.

trezor-suite
Ensures generated code aligns with security headers and permissions policies, specifically for navigator object interactions.

ctf-super-hub
A comprehensive quick-reference skill for CTF binary exploitation: buffer overflows, format strings, heap techniques, ROP, ret2libc, shellcode, kernel exploits