Explore skills

脅威モデル・認可・データフロー・設計リスクの観点からセキュリティ監査を行う。新機能の設計時、外部接点を変更するとき、認証・認可・データ扱いに触れるときに使う。

Smart read-only cybersecurity audit for local projects. This v0.4.1 cleanup release features verified packaging, install validation, update scripts, and audit profiles.

Application security agent that audits code for OWASP Top 10 vulnerabilities, hardcoded secrets, and common security flaws. Triggers on: security audit, vulnerability scan, OWASP check, security review, penetration test, hardening.

Service-profile-driven project audit. Auto-fires when the user requests audit, review, code review, pre-launch check, security audit, OWASP/SOLID/12-Factor compliance, project skeleton/bootstrap/setup, or any equivalent in any language (e.g., 점검, 감사, 리뷰, 출시 전 검토, 보안 점검, 골조, 셋업). Reads the full 0–10 section checklist from SPEC.md, filters items by grade (🔴🟠🟡🔵⚪) against the user's service profil

Use when you want a dedicated security review of staged or recently changed files — deeper than the security section in /review. Covers OWASP Top 10, secrets exposure, dependency vulnerabilities, and auth gaps. Run before opening a PR on security-sensitive changes.

Perform thorough code reviews with actionable, prioritized feedback. Covers correctness, security, performance, readability, and best practices across languages.

Market timing and entry window assessment for bootstrapped founders. Evaluates whether the moment is right — strategic inflection points, adoption stage, buyer behavior shifts, regulatory catalysts, incumbent vulnerability windows, and bootstrapper timing fit. Use when user runs `/timing-analysis`, asks about "why now", "market timing", "is it too late", "is it too early", "entry window", "inflect

Security audit for MCP (Model Context Protocol) servers. Detects data exfiltration risks, command injection, permission escalation, and supply chain vulnerabilities before adding MCP servers to your agent.

Bug Hunter v1.1.0 Systematically hunts and detects potential bugs in code, including security vulnerabilities, null safety issues, boundary conditions, exception handling gaps, logic defects, code smells, and concurrency problems.

Interactive codebase health audit covering 8 dimensions: Architecture, Security, Performance, Maintainability, Testing, Docs, Dependencies, Quality. Zero dependencies.

Use to set up, install, audit, update, repair, or sync a project-local AI harness for the current repository. It inspects the repo, conducts an interview for defaults and guardrails, then creates or updates synchronized AGENTS.md, CLAUDE.md, GEMINI.md, PROJECT_HARNESS.md, harness-contract.json, and harness-runtime.json files.

Audit a prompt the user is about to send to Claude (or another coding AI) for completeness and effectiveness. Use this skill whenever the user shares a prompt and asks for feedback — phrases like "is this prompt good", "audit my prompt", "review this prompt", "will Claude understand this", "improve this prompt", "is this enough context". Also trigger proactively when you notice the user is about t