Skill UI

Provides a structured reference of the 100 most critical web application vulnerabilities organized by category, helping security teams identify attack vectors, assess impacts, and follow remediation guidance during audits or penetration tests.

Provides an OWASP 2025-aligned vulnerability scanning mindset, supply chain defenses, attack surface mapping, and risk prioritization guidance with runtime scripts for automated validation of modern application security.

Guides security pros through WordPress 7.0 attack surfaces covering discovery, enumeration, vulnerability scanning, credential checks, and exploitation with WPScan, Burp, Metasploit, and manual curl probes for authorized assessments.

Provides Wycheproof test vectors for validating cryptographic implementations against known attacks and edge cases, making it ideal for CI regression sweeps and third-party crypto audits.

Guides analysts through assessing web authentication, credential stuffing, password policies, session tokens, and fixation flows to uncover broken authentication risks before attackers do.

Audits GitHub Actions workflows that invoke AI coding agents to surface prompt injection and sandbox risks, tracing attacker-controlled inputs through env vars, reusable actions, and workflow references before deployment or code review.

A comprehensive security scanner designed to audit AI agent skills before deployment. It analyzes source code (Python, Bash, JS), detects critical vulnerabilities like command injection, network exfiltration, and unsafe deserialization. Furthermore, it scans markdown files for prompt injection attacks, and assesses dependency supply chain risks, providing a clear PASS/WARN/FAIL verdict and remediation guidance.

Performs static security analysis on GitHub Actions workflows that incorporate AI coding agents (e.g., Claude, Gemini, OpenAI). This skill helps identify critical data flow vulnerabilities, such as where attacker-controlled input can reach AI agent prompts or internal systems via CI/CD pipelines, going beyond simple expression checks.

A rigorous, security-focused code review process designed for Pull Requests (PRs), commits, and diffs. It moves beyond general reviews by focusing intensely on high-risk areas such as authentication, cryptography, external calls, and value transfer. The methodology is evidence-based, requiring detailed attack scenario modeling and generating comprehensive, auditable markdown reports to identify overlooked vulnerabilities and regressions.

A rigorous framework designed to audit GitHub Actions workflows for exploitable security vulnerabilities. This skill focuses strictly on real-world attack patterns, requiring every identified finding to include a concrete exploitation scenario (Entry Point, Payload, Impact). Ideal for securing CI/CD pipelines against external attackers.

This tool systematically audits a project's dependencies to identify potential supply chain security risks. It evaluates critical factors such as maintenance status, contributor count, popularity, and the presence of high-risk features. It is ideal for pre-security audits, assessing the overall attack surface, and mitigating risks before deployment.

This tool parses API Gateway access logs from various providers (AWS, Kong, Nginx). It performs statistical analysis using pandas to detect critical security threats such as Broken Object Level Authorization (BOLA/IDOR), credential stuffing, rate limit bypass attempts, and injection vulnerabilities. Ideal for SOC analysts or security engineers investigating API abuse and building advanced threat detection rules.