Explore skills
4,567 skills found
dependency-audit
Performs a dependency audit for projects, checking for security vulnerabilities, license compliance, outdated packages, and transitive risks. It is used to generate vulnerability, compliance, and update priority reports.
dependency-audit
Conducts a dependency audit for a project, checking for security vulnerabilities, license compliance, outdated packages, and transitive dependency risks. It produces a vulnerability findings table, license compliance matrix, and update priority matrix.
security-audit
Java security checklist covering OWASP Top 10, input validation, injection prevention, and secure coding. Works with Spring, Quarkus, Jakarta EE, and plain Java. Use when reviewing code security, before releases, or when user asks about vulnerabilities.
config-security-scan
Scans the .claude/ directory for security misconfigurations, exposed secrets, and unsafe permissions.
handoff-templates
Agent-to-agent communication templates, covering formats for standard handoff, QA verdict (PASS/FAIL), escalation, bug reports, security findings, and status updates.
agent-benchmark
A framework for measuring and tracking agent response quality over time, detecting regressions before they reach production. Use it when evaluating agent changes, auditing quality, or establishing performance baselines.
fp-check
Systematic false positive verification for security findings. Provides structured methodology to confirm or dismiss scanner results, manual audit findings, and automated alerts. Adapted from Trail of Bits. Use when triaging security scan results or verifying audit findings.
concurrency-security
TOCTOU prevention, distributed locking, idempotency keys, race condition detection for Node.js and serverless environments.
insecure-defaults
Detect fail-open configurations, hardcoded secrets, weak authentication defaults, permissive CORS, disabled security features, and other insecure-by-default patterns. Adapted from Trail of Bits. Use during security review or when auditing configuration and initialization code.
pentest-methodology
Ethical security testing methodology - 5-phase pipeline, OWASP checklist, proof levels, structured findings
project-audit
Security scan, dead code detection, and code quality audit for any project
security
Security audit workflow - OWASP Top 10, input validation, auth, secret detection, vulnerability scan