Security
burp-suite
This skill documents Burp Suite Professional, a leading HTTP interception proxy for web application security testing. It provides detailed workflows for proxy configuration, active/passive scanning, and fuzzing with Intruder. The guide includes practical examples for Docker integration and common troubleshooting scenarios.
1password
This skill provides a structured workflow for using 1Password CLI within Claude, focusing on secure secret retrieval. It enforces tmux sessions to handle authentication prompts, includes guardrails against secret exposure, and references official documentation for setup.
security-testing
Provides a structured approach to security testing based on OWASP Top 10, with ready-to-use test code for access control, injection, and crypto failures. Includes CI/CD integration examples and coordination for multiple security-focused agents.
Auditing Security
This skill provides a structured framework for performing security audits on codebases. It guides users through scope discovery, threat modeling, and offers two review strategies (sequential and parallel scanning). It outputs findings with CVSS scores, OWASP mappings, exploit scenarios, and prioritized fixes. It includes templates for audit reports and a reference checklist for common vulnerabilities.
auth
A skill that implements authentication and payment features using Clerk, Supabase Auth, or Stripe. It includes a mandatory security checklist before execution and provides clear implementation flows for both authentication and payment scenarios.
n8n-security-testing
A comprehensive security testing tool for n8n workflows that effectively addresses credential exposure, encryption verification, and authentication testing with practical code examples.
security-assessment
A comprehensive and well-structured security assessment skill that provides systematic frameworks (STRIDE, OWASP Top 10) for evaluating code, architecture, and infrastructure security with practical guidance and review patterns.
security-audit
This skill provides concrete security audit guidance for RLS policies, API authentication, and vulnerability detection. It includes specific forbidden patterns, correct examples, and actionable checklists with grep commands for real-world security validation.
ffuf
Provides expert guidance for using ffuf web fuzzer during penetration testing, covering authenticated fuzzing with raw requests, auto-calibration, result analysis, and troubleshooting. Includes practical examples for directory discovery, subdomain enumeration, parameter fuzzing, and POST data testing with filtering strategies.
security-engineer
This skill audits AI-generated code for security vulnerabilities, offering both quick checks during development and comprehensive audits. It detects hardcoded secrets, SQL injection, XSS, and other common issues, generating actionable reports. It integrates with development commands to block critical issues before testing or deployment.
ops-security-audit
Provides a structured six-phase workflow for infrastructure security audits, from scoping to verification. Includes specific templates for audit plans, scanning commands, review checklists, compliance mapping, and remediation tracking. Clearly defines triggers and when to use related skills.