API Contract Guardian for AI Coding Agents
by Shandra
Protects API endpoints from accidental breaking changes by generating contract maps, validation rules, integration tests, documentation, and safe AI coding prompts.
THE AGENSI STORE
227 skills found
by Julian
A rigorous security auditor that scans code for OWASP Top 10 vulnerabilities with severity ratings and concrete fixes.
A professional security triage workflow for mapping attack surfaces and prioritizing DeFi smart contract vulnerabilities.
by LocoLoboZ
Orchestrate independent reviews, adversarial audits, and multimodal analysis via secondary models and external tools.
Audit any AI-generated output for unsupported claims, then verify every factual and technical assertion against its real source before it ships.
Audit codebases for structural debt, TODOs, and dependency rot to generate prioritized remediation reports.
by Ikerg
Deterministic AWS Databricks cost auditor that finds waste in compute, Delta tables, and PySpark code with ROI estimates.
Map any repo into an interactive D3 dependency graph plus a Markdown onboarding guide: entry points, module relationships, circular dependencies, and dead-code candidates, with refactor suggestions. Parses TypeScript, Python, Java, Go, and Rust imports, exports, and calls. Self-contained HTML, no source changes.
by Timoranjes
Scan multi-language codebases for unused variables, orphaned functions, and unreachable code with severity ranking.
by Timoranjes
Expert IaC auditing for Terraform and OpenTofu to catch security holes, cost leaks, and state management risks.
Find the unit tests that pass without testing anything. Flags tests with no assertions, trivial existence-only checks (toBeDefined, assertIsNotNone), tests that assert the exact value they just mocked, snapshot-only tests, tautological assertions (expect(true).toBe(true)), empty placeholders, and over-mocked tests with more setup than assertions. Works on Jest/Vitest and pytest/unittest.
Stop your agent from claiming "done" before it's proven. A verification gate that classifies each change by risk (payment, auth, database, user-facing), picks the tests that actually cover it, demands evidence, maps regression risk, and outputs an honest pass/fail report. Turns "looks good to me" into "here's what I ran, and here's what's still unverified."
An adversarial senior engineer review gate that audits AI-written code for security gaps and logic errors before shipping.
Map the blast radius of a code change before you run the whole suite. For the files and functions you changed, it lists what imports or calls them, which tests cover them, flags any change with no covering test, and warns when a file has a lot of dependents. It tells an agent what its edit might break instead of making it guess. Resolves Python and JavaScript/TypeScript.
by Roy Yuen
Structured, severity-aware code reviews focusing on security, bugs, and performance across all major languages.
Catch documentation that drifted from your code. Flags functions and methods named in your docs that are gone from the source, CLI flags documented but missing from the arg parser, env vars the docs mention but the code never reads, example imports of modules that no longer exist, and npm scripts or Make targets your docs reference but the project does not define. Cross-references your README and docs against Python and JS/TS source.
An adversarial reviewer for AI-written code changes. It pressure-tests a pull request or diff for untested branches, silent behavior changes, missing edge cases, over-confident code that only looks right, and weak tests, then returns a PASS / REVISE / BLOCK verdict before the change merges.
Flag the hidden and look-alike characters lurking in a handle or brand string. Catches zero-width characters, mixed-script look-alikes (a Cyrillic "а" passing as a Latin "a"), right-to-left and bidi override characters, unexpected non-ASCII, and stacked combining marks. These are the spoofing tricks and display bugs you cannot catch by reading.
A professional-grade toolkit for SAST code reviews, PII scanning, and automated compliance gap analysis.
Find the LLM integration code that breaks when a model blocks a response or falls back to a different model. Flags calls with no try/except or refusal branch, responses used or parsed with no guard for a blocked or empty answer, and hardcoded model ids with no fallback handling. Built for the Fable 5 era, where a high-risk call is blocked and silently falls back to Opus 4.8.
Audit a JavaScript or TypeScript frontend for missing translations and hardcoded UI strings before you ship a new locale. Flags hardcoded JSX text and UI props (title, placeholder, aria-label, label, alt) not wrapped in t(), i18n.t(), or <Trans>; keys present in the default locale but missing from other locale files; keys referenced in code but absent from the locales (the raw dotted keys that leak to users); unused locale keys; and unparseable locale JSON.
A structured WCAG 2.1 AA audit and fix agent for WordPress themes, organized by block theme, Gutenberg, forms, and navigation context, with scored findings and complete before-to-after code patches.
Systematically refactor large codebases, eliminate circular dependencies, and define clean module boundaries.
Audit the decoded text a QR code carries before you print it on something. Flags URLs that are not absolute, link shorteners that hide the real destination, unsafe schemes (javascript:, data:, file:), payloads too long to scan reliably, malformed Wi-Fi or contact payloads, and exposed credentials like a Wi-Fi password or a token sitting in a URL. It audits the decoded payload you paste; it does not read images.