Explorar skills

脅威モデル・認可・データフロー・設計リスクの観点からセキュリティ監査を行う。新機能の設計時、外部接点を変更するとき、認証・認可・データ扱いに触れるときに使う。

Application security agent that audits code for OWASP Top 10 vulnerabilities, hardcoded secrets, and common security flaws. Triggers on: security audit, vulnerability scan, OWASP check, security review, penetration test, hardening.

Service-profile-driven project audit. Auto-fires when the user requests audit, review, code review, pre-launch check, security audit, OWASP/SOLID/12-Factor compliance, project skeleton/bootstrap/setup, or any equivalent in any language (e.g., 점검, 감사, 리뷰, 출시 전 검토, 보안 점검, 골조, 셋업). Reads the full 0–10 section checklist from SPEC.md, filters items by grade (🔴🟠🟡🔵⚪) against the user's service profil

Use when you want a dedicated security review of staged or recently changed files — deeper than the security section in /review. Covers OWASP Top 10, secrets exposure, dependency vulnerabilities, and auth gaps. Run before opening a PR on security-sensitive changes.

Market timing and entry window assessment for bootstrapped founders. Evaluates whether the moment is right — strategic inflection points, adoption stage, buyer behavior shifts, regulatory catalysts, incumbent vulnerability windows, and bootstrapper timing fit. Use when user runs `/timing-analysis`, asks about "why now", "market timing", "is it too late", "is it too early", "entry window", "inflect

Audit a prompt the user is about to send to Claude (or another coding AI) for completeness and effectiveness. Use this skill whenever the user shares a prompt and asks for feedback — phrases like "is this prompt good", "audit my prompt", "review this prompt", "will Claude understand this", "improve this prompt", "is this enough context". Also trigger proactively when you notice the user is about t

Run the test-coverage-mapper reducer subagent over the per-node enrichment sidecars + actual test files in the target repo. Verifies sidecar-claimed test files exist; surfaces uncovered behaviours as TEST-GAP-NNN candidates ranked by node criticality (anchored on concepts.yaml's security/performance aggregates); cross-references with `doc-gaps.md` for double-jeopardy findings (undocumented AND unt

Explain or apply a general operating model that turns messy requests and unfamiliar domains into reusable, adopted capabilities through clarification, context engineering, reuse, composition, hardening, and adoption.

Audit code for security vulnerabilities. Use when the user says "security-audit", "security check", "is this secure", "audit for vulnerabilities", or before any public deployment. Covers OWASP Top 10 and common API/backend attack surfaces.

Audit a page for WCAG 2.1 AA accessibility issues. Traces the render chain, checks structural/semantic HTML, contrast indicators, ARIA, and outputs a prioritized report.

Realiza revisiones de código exhaustivas con retroalimentación accionable y priorizada. Cubre corrección, seguridad, rendimiento, legibilidad y mejores prácticas en todos los lenguajes.

Review Claude Code skills, hooks, CLAUDE.md files, scripts, or workflow configurations for design flaws, unclosed loops, stale references, side effects, security risks, and portability issues. Use when: 'review this skill', 'audit this hook', '/util-review', 'check this config', or when evaluating any supplementary Claude Code artifact for quality and correctness.