Explorar skills

Review an authorized codebase for ORM misuse, N+1 query patterns, authorization-after-fetch bugs, raw SQL risks, cache key collisions, and missing tenant scopes. Use for data-access layers and security-adjacent performance pitfalls.

Review an authorized codebase for ORM misuse, N+1 query patterns, authorization-after-fetch bugs, raw SQL risks, cache key collisions, and missing tenant scopes. Use for data-access layers and security-adjacent performance pitfalls.

Review an authorized API surface for access control, mass assignment, schema validation, rate limiting, SSRF, error leakage, webhook verification, and unsafe defaults. Use for REST, GraphQL, RPC, and webhook handlers.

Review an authorized pull request diff for security regressions. Use when changes modify trust boundaries, auth logic, data-access scope, file handling, logging, headers, or secrets.

Review an authorized pull request diff for security regressions. Use when changes modify trust boundaries, auth logic, data-access scope, file handling, logging, headers, or secrets.

Critical review (min. 5 findings). Modes: code, audit, plan. Use when: "review", "critical review", "code review", "plan review", "audit review".

Use when handling user input, authentication, data storage, or external integrations. Use when building any feature that accepts untrusted data, manages user sessions, or interacts with third-party services.

Launch parallel security analysis agents for comprehensive vulnerability assessment. Use when: "security team", "security audit", "security-team", "pentest", "vulnerability scan".

La característica o área a auditar (opcional)

Astro Migration & Best-Practice Audit with state persistence. Use when: "astro-audit", "astro upgrade", "astro migration", "astro check", "astro version".

12 regulatory & QM agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. ISO 13485 QMS, MDR 2017/745, FDA 510(k)/PMA, ISO 27001 ISMS, GDPR/DSGVO, risk management (ISO 14971), CAPA, document control, auditing. Python tools (stdlib-only).

Utilice al generar código Java para aplicaciones web, APIs o sistemas empresariales. Previene vulnerabilidades del OWASP Top 10 en Spring Boot, Jakarta EE y Java puro.