Explore skills

Software Bill of Materials (SBOM) generation using Syft for container images, filesystems, and archives. Detects packages across 28+ ecosystems with multi-format output support (CycloneDX, SPDX, syft-json). Enables vulnerability assessment, license compliance, and supply chain security. Use when: (1) Generating SBOMs for container images or applications, (2) Analyzing software dependencies and pac

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework r

Performs a full-depth audit of a project covering accessibility, UX, performance, SEO, security, database, architecture, legal compliance, operations, and observability. It uses graphify for local and global knowledge, reporting findings with evidence and severity, and can optionally mitigate issues.

Audits third-party code repositories, typically GitHub URLs, for security issues, malicious code, supply-chain risks, and dangerous patterns before adoption or execution. This skill is used when users inquire about repository safety or trustworthiness, or request an an audit.

This skill should be used when the user asks to \"perform vulnerability scanning\", \"scan networks for open ports\", \"assess web application security\", \"scan wireless networks\", \"detec...

This skill offers universal autonomous overnight sessions that scan projects, identify issues like security, dead code, and performance, and then generate a bash loop to fix them using fresh Claude sessions while you sleep. It creates a pull request for morning review.

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

An AI security co-pilot for identifying, testing, and fixing vulnerabilities in LLM-powered applications. It assists in securing LLM agents, generating security test suites, hardening prompts, and ensuring compliance with standards like OWASP LLM Top 10.

Comprehensive security auditor for Claude Skills and MCP servers, analyzing code for malicious patterns, suspicious behaviors, and security vulnerabilities, and providing detailed risk assessments and recommendations.

Orchestrate multiple Antigravity skills through guided workflows for SaaS MVP delivery, security audits, AI agent builds, and browser QA.

Azure Key Vault Keys Java SDK for cryptographic key management. Use when creating, managing, or using RSA/EC keys, performing encrypt/decrypt/sign/verify operations, or working with HSM-backed keys.