    Browse The Skill Store

    20 skills found

    sast-configuration

    by LocoLoboZ

    $10

    Automate the setup and optimization of Semgrep, SonarQube, and CodeQL for high-signal security testing.

    2
    3
    appsec ci-cd devsecops +2

    Security Vulnerability Triage Agent for Small Teams

    by Shandra

    $50

    Turns dependency scan reports and security alerts into prioritized remediation plans with severity, exploitability, affected area, safe fix strategy, and verification checklists.

    2
    dependabot dependency-scanning devsecops +9

    Web Security Analyzer

    by Pietro Giovanni Vaccarello

    $10

    A specialized security architect skill for performing deep audits, compliance checks, and DevSecOps integrations.

    2
    audit cloud-security cybersecurity +3

    attack-tree-construction

    by LocoLoboZ

    $10

    Generate structured, scored attack trees with AND/OR logic to visualize threat paths and identify security gaps.

    2
    architecture attack-tree devsecops +3

    incident-lessons-learned-review

    by LocoLoboZ

    $10

    Convert cyber incident evidence into blameless post-mortem reports, root cause analyses, and action trackers.

    1
    cybersecurity devsecops governance +2

    cve-2026-46243-cifswitch

    by Liam Romanis

    $5

    Automated detection and remediation auditing for the CVE-2026-46243 "CIFSwitch" Linux privilege escalation vulnerability.

    2
    security cve linux +6

    cve-2026-45185-dead-letter

    by Liam Romanis

    $5

    Detect and remediate CVE-2026-45185 "Dead.Letter" RCE vulnerabilities in Exim mail servers.

    2
    security cve exim +6

    connected-device-security-assessment

    by LocoLoboZ

    $12

    Professional-grade security assessment framework for IoT, OT, and connected device ecosystems.

    2
    compliance cyber-governance cybersecurity +6

    cve-2026-31431-copy-fail

    by Liam Romanis

    $5

    Detect and assess CVE-2026-31431 "Copy Fail" vulnerability on Linux systems and Kubernetes clusters.

    2
    security cve linux +6

    AI Code Verification Gate

    by JustHandled Labs

    $19

    Stop your agent from claiming "done" before it's proven. A verification gate that classifies each change by risk (payment, auth, database, user-facing), picks the tests that actually cover it, demands evidence, maps regression risk, and outputs an honest pass/fail report. Turns "looks good to me" into "here's what I ran, and here's what's still unverified."

    1
    code-review qa-automation devsecops +2

    Cloud & Infrastructure Config Security Gate — Catch Misconfigurations Before You terraform apply

    by PubsProToolkit

    $34

    An adversarial gate that audits cloud and infrastructure-as-code config — Terraform, Kubernetes, IAM, security groups, buckets — for the misconfigurations that cause real breaches, and returns a structured PASS/REVISE/BLOCK verdict with severities and exact fixes before anything reaches your environment.

    1
    cloud-security infrastructure-as-code devsecops +2

    cve-2026-43284-dirty-frag

    by Liam Romanis

    $5

    Deep audit and detection of the Dirty Frag (CVE-2026-43284/43500) Linux privilege escalation exploit chain.

    2
    security cve linux +6

    🔳 QR Payload Auditor

    by JustHandled Labs

    $5

    Audit the decoded text a QR code carries before you print it on something. Flags URLs that are not absolute, link shorteners that hide the real destination, unsafe schemes (javascript:, data:, file:), payloads too long to scan reliably, malformed Wi-Fi or contact payloads, and exposed credentials like a Wi-Fi password or a token sitting in a URL. It audits the decoded payload you paste; it does not read images.

    1
    security-audit qr-codes devsecops +2

    SAST Configuration Kit

    by Arnstein Larsen

    $7

    A DevSecOps engineer that stands up and tunes static analysis (Semgrep, SonarQube, CodeQL) for high-signal findings — picks the right tool for the stack, writes the config and rulesets, wires a sane CI gate, and tunes out the false positives that get scanners muted.

    1
    devsecops security-scanning ci-cd +3

    agent-skill-security-auditor

    by Timoranjes

    $9.9

    Evaluate third-party agent skills for command injection, prompt injection, and data exfiltration before installation.

    2
    security devsecops auditing +2

    Agent Hooks Security and Quality Gate — Audit Your Pre and Post-Tool-Use Hooks Before They Ship

    by PubsProToolkit

    $12

    Adversarially audit your agent hooks before you trust them. Catches command injection, secret leakage, over-broad matchers, destructive actions, and blocking-logic mistakes in pre/post-tool-use, prompt, and stop hooks — with a PASS or REVISE verdict and severity-ranked fixes.

    2
    agent-hooks security claude-code +6

    security-first

    by Roy Yuen

    Popular
    Free

    Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.

    2
    17
    appsecbackend-securitydevsecops-architecture+2

    devsecops-expert

    by Sinu

    Free

    Senior-level DevOps automation for CI/CD, IaC, Kubernetes, and production-ready GitOps pipelines.

    2
    7
    ci-cd devops github-actions +3

    Cybersecurity Engine

    by Joker

    Free

    Enterprise security with NIST/ISO27001/zero-trust frameworks. Threat modeling, GDPR compliance, DevSecOps guidance.

    1
    0
    cybersecurity compliance zero-trust +2

    agent-supply-chain-auditor

    by Timoranjes

    Free

    Structured security auditing for AI agent skills to detect prompt injection, data exfiltration, and malicious commands.

    2
    1
    security devsecops supply-chain +3