Best Security & Compliance Skills for Claude Code

Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

click-to-convert-audit

Popular

Free

High-integrity landing page audits that identify ad spend hazards and conversion blockers for Google Ads traffic.

prompt-engineer

Popular

Free

Professional prompt engineering patterns for building robust, secure, and production-ready LLM applications.

SEO optimizer and banned-word scanner for Chinese social media. Keyword optimization and advertising law compliance.

A high-performance wrapper to route security tasks directly to the Anthropic-Cybersecurity-Skills library.

Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.

Audit AI agent skills for security risks, packaging errors, and marketplace readiness with professional reports.

A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.

Audit and de-conflict complex agent instruction stacks to fix inconsistent behavior and logic bloat.

Advanced engineering intelligence for building scalable, reliable, and secure distributed backend systems.

Instantly diagnose any skill or prompt and get a clear, prioritized report on what’s wrong and how to fix it — across any agent.

Audit your codebase for technical debt and generate a prioritized, actionable remediation report.

Expert CI/CD auditor for GitHub Actions, GitLab CI, CircleCI, and Jenkins to ensure security and performance.

Automated security audit and health check for software dependencies across polyglot projects.

High-precision test gap analysis that prioritizes untested code by risk and identifies missing edge cases.

Audit AI agent memory files for privacy risk and bloat.

Comprehensive security auditing for AI agents, covering prompt injection, tool permissions, and data leakage risks.

Complete SEO audit workflow for AI agents. Crawl, analyze, and generate actionable SEO reports with technical, on-page, and off-page recommendations.

ADA Compliance Checker (Free) - Most Common problems only

Free

A fast, free 3-point accessibility screen (text contrast, image alt text, form labels) to spot the most common ADA/WCAG problems before they cost you.

Expert AI guidance for ISO-compliant cleanroom design, HVAC filtration setup, and controlled environment installation.

Automated competitor content gap analysis and strategy reporting for SEO agencies and marketing teams.

PII & Data-Leak Scanner

$15

or 75 cr

Scan your schemas, seed data, config, and logs for personal data before it leaks. Detects PII-indicating column and key names (email, ssn, phone, address) across SQL, CSV, and JSON, plus PII in the data itself: email addresses, SSN-like numbers, credit-card-like numbers, phone numbers, and PII written into log files. Each finding is flagged with its location and a GDPR-style review note. Heuristic by design: it surfaces what to review, not a compliance guarantee.

sast-configuration

$10

or 50 cr

Automate the setup and optimization of Semgrep, SonarQube, and CodeQL for high-signal security testing.

skill-install-safety-gate

Free

Automated security and compatibility firewall for installing AI agent skills and Codex/OpenClaw packages.

Professional-grade git diff auditor that identifies security vulnerabilities and code smells before you merge.

Paste any Claude conversation and get a clean, complete PDF transcript — every message, every artifact, automatically formatted.

Audit frontend code for WCAG 2.2 AA compliance with prioritized remediation steps and deep semantic analysis.

etsy-tag-validator-free

Free

A professional diagnostic tool to validate, score, and optimize 13 Etsy tags for search visibility and compliance.

Catches dangerous database migrations before they hit production. Reviews schema changes for locking hazards, data loss, missing rollbacks, and index issues across PostgreSQL, MySQL, and SQLite.

Generate a complete, country-compliant Excel invoicing and tax tracking system for any business worldwide.

The security auditor for AI agents. Detect prompt injection, secret leaks, and unsafe tool access in SKILL.md files.

Find accessibility barriers and WCAG 2.2 AA failures in web and mobile UI code — with file:line, the exact criterion, and a fix

Solo SaaS Architect

$5

or 25 cr

Automatically builds complete, launch-ready SaaS websites, databases, and secure user dashboards, with security audits at each step.

What Did I Just Agree To?

Free

Turn complex legalese into a plain-English map of your rights, risks, and red flags.

fba-listing-audit-free

Free

A high-precision diagnostic tool that grades Amazon FBA listings across 5 dimensions with actionable fixes.

Real-time Chinese SEO & advertising law compliance scanner with API-backed banned word detection for 5+ platforms.

Automated environment audit to fix configuration gaps, detect secret leaks, and solve "works on my machine" issues.

codex-memory-curator

Free

Audit, prune, and secure your AI agent's long-term memory to prevent pollution and data leakage.

A rigorous 5-phase debugging framework to systematically reproduce, isolate, and resolve complex software bugs.

Transform AI claims into verified, risk-assessed technical reports for production, DevOps, and enterprise governance.

Professional-grade Kubernetes YAML auditor for security, API deprecations, and deployment best practices.

GDPR Compliance Scanner for Marketing and Code

$15

or 75 cr

Automatically detect GDPR compliance risks in websites, codebases, marketing assets, and AI workflows.

Automatically generate, audit, and repair .gitignore files to prevent secrets leakage and repository pollution.

Audit dependencies for security, licenses, and health while generating a phased, low-risk upgrade and migration plan.

Generate production-ready, platform-specific Terms of Service, Privacy Policies, and Refund Policies for your SaaS.

Enforce security, reliability, and deployment best practices for Docker Compose files.

Sanitize Mac admin logs and MDM evidence before sharing.

A security auditor that identifies Docker vulnerabilities, scores configurations, and generates hardened replacements.

Accessibility Scanner

$7

or 35 cr

Automatically detect accessibility issues in websites and applications following WCAG and accessibility standards.

Enterprise SOP Automation Architect

$50

or 250 cr

Converts internal SOPs, policies, checklists, and process notes into structured AI-agent workflows with decision trees, escalation rules, QA checkpoints, and audit-ready outputs.

Scaffold or harden a production-grade GitHub Actions pipeline for WordPress — with a blocking lint gate that stops broken code before it deploys, and a fail notification that makes silent deployment failures impossible.

privacy-impact-assessment-guide

$10

or 50 cr

Generate audit-ready privacy impact assessments, risk registers, and data flow maps for regulatory compliance.

A professional security triage workflow for mapping attack surfaces and prioritizing DeFi smart contract vulnerabilities.

Automated VAT audit assistant for accountants to verify journals and detect filing errors before submission.

Turn bounce rates into conversions with prioritized fix lists and high-converting copy variants for any SaaS landing page.

Professional Go code auditor for performance optimization, concurrency safety, and modern 1.21+ idioms.

Accessibility Auditor

$9.99

or 50 cr

Expert accessibility auditing that prioritizes user impact and provides production-ready code fixes for WCAG compliance.

Automate Web3 security lead qualification and draft technical outreach that converts prospects into audit clients.

🌐 Localization QA Auditor

$15

or 75 cr

Run structural QA on your translation files across locales. Flags missing keys, placeholder mismatches ({name}, %s, {{var}}), strings left untranslated and identical to the source, length-overflow risk that breaks UI, terminology drift against a glossary, empty targets, and plural-category gaps. Works on JSON, gettext .po/.pot, and .properties. It checks form, not meaning, so you do not need to speak the target language to use it.

Audit web pages against 13 technical SEO factors to generate structured compliance reports and prioritized code fixes.

i18n Completeness Auditor

$12

or 60 cr

Audit a JavaScript or TypeScript frontend for missing translations and hardcoded UI strings before you ship a new locale. Flags hardcoded JSX text and UI props (title, placeholder, aria-label, label, alt) not wrapped in t(), i18n.t(), or <Trans>; keys present in the default locale but missing from other locale files; keys referenced in code but absent from the locales (the raw dotted keys that leak to users); unused locale keys; and unparseable locale JSON.

🎨 Brand Consistency Linter

$12

or 60 cr

Hold your bios, footers, and profiles to one brand spec. Flags brand-name spelling and casing that does not match your canonical form, off-spec taglines, links that are not on your official list, leftover placeholders (Lorem, TODO, "your tagline here"), and handles that differ from one surface to the next. You define the spec once and it enforces it everywhere.

Strategic Friction Cartographer

$19.99

or 100 cr

Identify, map, and resolve the hidden systemic resistance that turns high effort into low momentum.

open-source-intelligence-collector

$12

or 60 cr

Plan, collect, and synthesize lawful defensive intelligence into structured exposure reports and investigation briefs.

Structureert de eerste juridische respons, risicoanalyse en 72-uurs meldplicht bij GDPR-datalekken.

AI Stack Spend Audit

$9

or 45 cr

List your AI subscriptions and usage; it finds the overlap and returns a cut/keep/downgrade verdict with estimated monthly dollar savings.

Locally scan your repository for leaked API keys, tokens, and secrets before committing or publishing code.

Adaptive GDPR, CCPA, security, and AI compliance audit with severity-graded findings and law citations

Automatically scan code for trackers and generate GDPR-compliant cookie banners and Dutch privacy policies.

Email Auth Deliverability Doctor

$12

or 60 cr

Audit your SPF, DKIM, and DMARC records for the misconfigurations that get mail rejected or sent to spam. Flags a missing DMARC record or p=none, missing rua reporting, a missing or duplicated SPF record, SPF over the 10-lookup limit, permissive +all/?all, a missing DKIM selector, and SPF/DKIM domain-alignment mismatches. Paste a DNS zone file or dig/nslookup output.

Coding Agent Quality Gate — Catch AI-Written Security Bugs & Logic Errors Before Deploy

$24

or 120 cr

An adversarial senior engineer review gate that audits AI-written code for security gaps and logic errors before shipping.

Automated construction budget tracking for architects: flags overruns, payment leaks, and financial site risks.

Kandji Configuration Auditor

$24.99

or 125 cr

Security review of Kandji agent configurations, library items, and automation for compliance and safety

Meeting Notes Architect

$8.99

or 45 cr

Turn chaotic meeting notes into professional, action-oriented minutes ready for immediate email distribution.

Accessibility Gate: Catch WCAG Violations Before You Ship

$29

or 145 cr

Audit your frontend for accessibility violations before release — flags WCAG failures, gives prioritized fixes, and blocks the broken patterns that get sites sued.

Github Actions Permission Hardener

$19

or 95 cr

Audit and harden GitHub Actions workflows against overbroad permissions, secrets exposure, and supply-chain risks.

Identify conversion blockers and ad-budget leaks with a severity-ranked landing page audit.

AI Disclosure & Provenance Gate

$5

or 25 cr

An adversarial gate to verify AI-use disclosures and draft compliant provenance statements for any venue.

Automated mechanical check of notarial deeds for consistency in names, dates, amounts, and template placeholders.

Generate hardened, production-ready systemd service units with auto-restart, sandboxing, and install scripts.

security-operations-tabletop-exercise-facilitator

$15

or 75 cr

Design, facilitate, and document professional security incident response tabletop exercises and after-action reports.

incident-response-playbook-builder

$10

or 50 cr

Build, review, and automate structured incident response playbooks for enterprise security operations.

Enterprise-grade project orchestration for breaking complex work into phases, dependencies, and agent workstreams.

bmc-remedy-sr-designer

$12

or 60 cr

Convert SOPs and checklists into configuration-ready BMC Remedy Service Request and Work Order design documents.

🖼️ Open Graph Social Card Auditor

$12

or 60 cr

Catch the Open Graph and Twitter Card problems that make a shared link preview blank or broken. Flags missing og:title, og:image, og:description, og:url, or twitter:card, a relative og:image URL (crawlers need an absolute one), an SVG og:image (no platform renders it), and image dimensions that miss the 1200x630 standard. Reads your HTML or pasted head markup; it does not fetch the page or refresh a platform's cache.

Expert regex architect for building, auditing, and optimizing high-performance, ReDoS-safe patterns.

Run Claude Code unattended with a battle-tested safety framework, hardened deny-rules, and a 6-layer rollback ladder.

PrivacyShield

$19

or 95 cr

Protect sensitive data before it reaches an AI model and automatically restore it in the final response.

Workflow Automation Reliability Auditor

$55

or 275 cr

Audits fragile Zapier, Make, n8n, Airtable, Google Sheets, CRM, webhook, API, and script automations for failure points, data-loss risks, weak logging, missing retries, and risky dependencies.

cyber-hygiene-assessment

$20

or 100 cr

Transform raw security evidence into professional Cyber Healthcheck reports, RAG scorecards, and remediation roadmaps.

Specialized static security scanner for MCP servers and Python tool handlers to prevent injection and data leaks.

🗂️ Model Inventory Auditor

$13

or 65 cr

Inventory every LLM model and provider your code depends on, the AI bill of materials, and flag the dependency risk. It lists each provider, model, and where it's used, then flags hardcoded model ids, single-provider dependency with no alternative, the same model referenced by different ids, model ids with no config or env indirection, and providers pinned in your manifests. Recognizes OpenAI, Anthropic, Google Gemini, and more from an editable list.

knowledge-management-institutional-memory

$8.99

or 45 cr

Design and scale organizational knowledge systems to capture institutional memory and decision history.

incident-response-dashboard-builder

$12

or 60 cr

Transform raw incident logs and evidence into professional, tool-agnostic IR dashboards and executive reporting packs.

ot-incident-response-playbook-builder

$15

or 75 cr

Build safety-first, framework-aligned incident response playbooks for ICS, SCADA, and OT environments.

cyber-attack-chain-analysis

$12

or 60 cr

Transform incident timelines into structured Cyber Kill Chain mappings and high-impact defensive roadmaps.

Structureert een subsidie- of steunaanvraag voor een cliënt-onderneming: voorwaardencheck, stukkenlijst, kostenonderbouwing en verantwoordingsverplichtingen na toekenning.

🤖 3. AI Readiness Score

$7

or 35 cr

Evaluate company AI maturity across 6 dimensions with weighted scoring, radar charts, and a GDPR risk audit.

attack-tree-construction

$10

or 50 cr

Generate structured, scored attack trees with AND/OR logic to visualize threat paths and identify security gaps.

Competitor Content Gap Analyzer

$100

or 500 cr

Analyzes competitor URLs, page types, topics, keywords, and editorial angles to find missing pages, weak content, commercial opportunities, and prioritized 30/60/90-day SEO roadmaps.

cyber-compliance-report-drafter

$15

or 75 cr

Professional drafting and review of cyber security risk reports, mapping evidence to compliance frameworks.

Stop AI hallucinations in cold email with server-side legal footers and Belgian GDPR compliance guardrails.

Turn verified property facts, lead notes, and showing feedback into listing copy, follow-up scripts, CRM notes, lead prioritization, and risk-aware real estate marketing support.

Run a buyer-readiness check before publishing an AI agent skill package.

Automate EU AI Act transparency audits, Article 50 disclosures, and AI literacy documentation for your apps.

procurement-security-reviewer

$12

or 60 cr

Automate information security assessments and drafting for procurement contracts, RFPs, and supplier agreements.

functional-requirements-specification-builder

$12

or 60 cr

Draft, update, and convert professional Functional Requirements Specifications (FRS) for procurement and GRC.

business-ai-governance-mesh

$7

or 35 cr

A modular governance framework for AI policy, agent risk assessment, human-in-the-loop approvals, and audit trails.

A systematic framework for risk-aware dependency upgrades, breaking change analysis, and safe execution.

📌 TODO FIXME Extractor

Free

List every TODO, FIXME, HACK, XXX, BUG, and OPTIMIZE comment in your codebase with file, line, and tag. Scans 14 languages, groups the results by tag with counts, and skips node_modules, dist, build, and vendor. A clean tech-debt inventory instead of scrolling grep output.

📝 Prompt Template Linter

$12

or 60 cr

Lint a prompt template for the issues that cause injection and flaky output. Flags untrusted variables interpolated straight into the instructions (the injection surface), placeholders that are never provided or never used, contradictory instructions, a missing output-format spec where the result is parsed, unbounded context interpolation, and leftover placeholders. It detects problems; it does not write prompts.

Turn discovery intake into professional, ranked AI automation roadmaps and executive audit reports.

E-Shield

$20

or 100 cr

A high-performance ethical guardrail and IP protection layer for safeguarding AI reasoning and core logic.

Struktureert de analyse, voorwaarden en administratie voor een btw-eenheid tussen verbonden vennootschappen.

A complete Manifest V3 Chrome extension to detect and highlight manipulative UI dark patterns on any website.

Transform business ideas into deployment-ready autonomous company blueprints for multi-agent frameworks.

Auth & Multi-Tenant SaaS Foundation: Ship Secure Accounts in a Day

$29

or 145 cr

Scaffold a complete, production-ready auth and multi-tenant foundation — sessions, OAuth/SSO, role-based access control, organizations, teams, invitations, and row-level data isolation — wired to your app and database.

Audit SQL and ORM queries for security vulnerabilities, N+1 performance issues, and indexing anti-patterns.

Shell Script Admin Safety Reviewer

$19.99

or 100 cr

Review bash and zsh admin scripts for safer quoting, input handling, permissions, and rollout readiness.

Automatische rekenkundige en formele controle van architecturale meetstaten (CSV).

Automate Belgian vzw (non-profit) administration, WVV-compliant bylaws, UBO filings, and GA minutes.

Professional technical SEO crawler and site auditor for deep architectural analysis and issue detection.

Idiomatic code translation between Python, TypeScript, and Go that preserves logic and adapts language-specific patterns.

Supabase RLS Doctor

$19

or 95 cr

Audit your Supabase project for the row-level-security mistakes that quietly expose data: tables without RLS, policies that resolve to true, leaked service-role keys, missing auth.uid() checks, open storage buckets, overbroad grants, and migration drift. A local, read-only scan plus a full review checklist, each finding with severity, evidence, and a fix. No database changes without confirmation.

SAST Configuration Kit

$7

or 35 cr

A DevSecOps engineer that stands up and tunes static analysis (Semgrep, SonarQube, CodeQL) for high-signal findings — picks the right tool for the stack, writes the config and rulesets, wires a sane CI gate, and tunes out the false positives that get scanners muted.

Professional accessibility auditing for architects, balancing legal regulations with real-world usability.

Add stablecoin micropayment paywalls to FastAPI and Express routes using the HTTP 402 standard.

A universal, multi-role AI engineering team for autonomous planning, implementation, and rigorous code review.

Turn prospect notes, quote context, and client objections into quote follow-up scripts, renewal-save messages, CRM notes, and risk-aware broker communication.

Controleert een voorraadlijst op plausibiliteit via een Python-script: negatieve aantallen, waarde-afwijkingen, verkoopprijs onder kostprijs (LOCOM-signaal) en trage rotatie.

skill-auditor

$5

or 25 cr

Audit, score, and improve your AI agent skills for higher quality, lower token costs, better reliability, and marketplace success. Get actionable recommendations for prompts, instructions, tool usage, error handling, and user experience.

Prevent data leaks with auto-injected SQLAlchemy tenant scoping and Cloudflare Access auth for FastAPI SaaS apps.

Protect your IP by embedding invisible, redundant buyer fingerprints and license terms into your AI skill files.

Audit paid ads and landing pages as one conversion path for service businesses.

📚 SOP Generator

$7

or 35 cr

Transform messy chat logs and transcripts into structured, RACI-compliant Standard Operating Procedures (SOPs).

Schedule C Tax Prep Workbook

$25

or 125 cr

Turn 1099s and a messy expense export into a complete, line-by-line IRS Schedule C worksheet for the 2025 tax year — every line filled, every deduction flagged (home office, vehicle, QBI/§199A, SE health, SEP-IRA), every audit-risk noted with IRC cites. For sole props, freelancers, and single-member LLCs.

Automate secret scanning with gitleaks — detect API keys, passwords, tokens before incidents.

Prompt-Injection & Agent-Security Gate — Block Hidden Instructions Before Your Agent Acts

$14

or 70 cr

An adversarial security gate that audits untrusted content — web pages, tool outputs, documents, emails — for embedded instructions, exfiltration, and authority spoofing, then returns a SAFE/REVIEW/BLOCK verdict.

Automated detection and remediation auditing for the CVE-2026-46243 "CIFSwitch" Linux privilege escalation vulnerability.

Scaffold legal entity formation, VAT validation, and compliance documentation for the Netherlands, Belgium, and Luxembourg.

🔳 QR Payload Auditor

$5

or 25 cr

Audit the decoded text a QR code carries before you print it on something. Flags URLs that are not absolute, link shorteners that hide the real destination, unsafe schemes (javascript:, data:, file:), payloads too long to scan reliably, malformed Wi-Fi or contact payloads, and exposed credentials like a Wi-Fi password or a token sitting in a URL. It audits the decoded payload you paste; it does not read images.

Professional content freshness auditor and multi-source report aggregator for digital agencies.

Audit your local Agensi skill library against the live marketplace to catch version drift, unpublished work, and low-conversion listings — before they cost you installs and reputation.

a2a-agent-interoperability-launch-pack

$7

or 35 cr

Turn multi-agent intake into client-ready A2A readiness reports, task contracts, and orchestration topologies.

Stroomlijn de voorbereiding van hypothecaire kredietakten met automatische kruiscontroles en zekerheidsanalyses.

Automated political budget analysis: detects shifts, flags vague spending, and drafts amendments with funding offsets.

A professional CRO and SEO audit workflow to identify conversion leaks and prioritize website fixes.

Pre-launch accessibility audit. WCAG 2.2 AA/AAA, ADA/EAA, 70+ checks, axe-core. VPAT/ACR report for procurement.

Generate compliant, professional engagement letters and fee proposals for accounting firms and financial advisors.

code-review-buddy

$5

or 25 cr

Structured, severity-aware code reviews focusing on security, bugs, and performance across all major languages.

Turn sprint output into stakeholder communication — adapted for Team, Management, Executive, or External audiences.

Credential Handling Safety Reviewer

$24.99

or 125 cr

Review scripts and docs for safer handling of passwords, tokens, keys, and sensitive values.

Turns Claude into a senior WordPress launch reviewer that audits a site, theme, or plugin against the entire pre-launch standard across 7 weighted domains and returns one objective go/no-go decision with a scored blocker list.

Enterprise security with NIST/ISO27001/zero-trust frameworks. Threat modeling, GDPR compliance, DevSecOps guidance.

enterprise-cyber-communications-drafter

$12

or 60 cr

Transform complex cyber security risks, audit findings, and meeting notes into executive-grade business communications.

Automated Belgian tax prepayment (VA) memos with scenario modeling and penalty calculations for accountants.

api-key-vault

$7

or 35 cr

Secure encrypted secret management with automated health checks, expiration tracking, and rotation reminders.

Audit your AI agent's evaluation coverage to identify missing release gates and production risks.

🤖 AI Agent Auditor

$7

or 35 cr

Analyzes AI agents for performance, reliability, security, and optimization opportunities.

Automated procedural deadline calculator and risk-check tool for Dutch/Belgian legal professionals.

WCAG 2.1 AA auditor with auto-fixing and Dutch accessibility statement generation for EAA compliance.

Structureert de formaliteiten na een vennootschaps- of verenigingsakte: UBO-registratie, KBO-inschrijvingen, publicaties, registers: in een concept-checklist met termijnen en verantwoordelijken.

Package Supply-Chain Sentinel

$19

or 95 cr

Vet dependency changes for supply-chain risk before you install, commit, or release. Scans package and lockfile diffs for install-time lifecycle scripts, non-registry sources, suspicious download commands, typosquatting, and floating versions, across npm, pnpm, yarn, pip, uv, and poetry. Flags what to review with evidence. No install required.