
    Browse The Skill Store

    22 skills found

    bypass macos file dialog

    by Fredrik Akerstrom

    $5

    Bypass OS-native file upload dialogs in browser automation using JavaScript interception and DataTransfer injection.

    Tags: automation, browser-automation, javascript, +6

    nex agency followup cadence

    by Nex AI

    $5

    Automate 3-step email follow-up sequences with absolute stop-on-reply logic and GDPR-compliant footer injection.

    Tags: cold-email, automation, gdpr-compliance, +2

    skill hardening certifier

    by Nex AI

    $7

    A rule-based security scanner and auto-hardener for AI agent skills to detect injections and unsafe code.

    Tags: security, devops, prompt-engineering, +2

    Skill Safety Scanner

    by karim hammoumi

    $29

    Scan AI agent skill definitions for malicious instructions, prompt injections, and security risks—locally.

    Tags: ai-agents, audit, developer-tools, +2

    🛡️ GuardrailDoctor

    by JustHandled Labs

    $29

    Penetration-test your Claude Code agent's guardrails before you deploy. Throws prompt-injection payloads, shell-chaining, and path-traversal attempts at your PreToolUse/PostToolUse hooks and sensitive-file protections, then returns a pass/fail report on 10+ attack vectors with copy-paste remediation for every gap.

    Tags: claude-code, devops, llm-ops, +2

    owasp top10 reviewer

    by Julian

    $15

    A rigorous security auditor that scans code for OWASP Top 10 vulnerabilities with severity ratings and concrete fixes.

    Tags: api-security, appsec, audit, +8

    📝 Prompt Template Linter

    by JustHandled Labs

    $12

    Lint a prompt template for the issues that cause injection and flaky output. Flags untrusted variables interpolated straight into the instructions (the injection surface), placeholders that are never provided or never used, contradictory instructions, a missing output-format spec where the result is parsed, unbounded context interpolation, and leftover placeholders. It detects problems; it does not write prompts.

    Tags: prompt-engineering, security, llm-ops, +2

    🛡️ Skill Injection Scanner

    by JustHandled Labs

    $15

    Scan a SKILL.md package for prompt injection and secret exfiltration before you install or publish an agent skill. Flags env-variable-to-URL exfiltration wording, conditional triggers with hidden side effects, imperative instructions buried in HTML comments, zero-width characters, base64 and long-token blobs, remote content treated as instructions, pipe-to-shell and recursive force-delete references, and overbroad tool requests (network plus browser plus file-write with no scope).

    Tags: security, audit, prompt-injection, +2

    Database Schema & Query Review Gate — Catch Slow Queries, Missing Indexes & Risky Migrations Before Prod

    by PubsProToolkit

    $12

    Review a database schema, queries, or migration for the mistakes that get expensive in production — bad table design, missing or wrong indexes, slow and N+1 queries, SQL injection, and migrations that lock or break prod. Engine-aware (PostgreSQL, MySQL, SQLite, SQL Server), it runs an ordered review and returns a PASS/REVIEW/BLOCK verdict with prioritized fixes. Schema mistakes are the most expensive kind — this catches them before they ship.

    Tags: sql, database, postgresql, +7

    MCP Server Builder — Scaffold a Secure, Spec Compliant MCP Server (Tools, Resources, Auth) Without the Footguns

    by PubsProToolkit

    $24

    Scaffold a secure, spec-compliant MCP server from a description of the tools you want to expose. Sets up the official SDK (TypeScript or Python/FastMCP), defines tools/resources/prompts with strict JSON Schema, wires the right transport (stdio or Streamable HTTP), adds OAuth 2.1 for remote, and hardens against the MCP-specific footguns — prompt injection via tool output, token passthrough, over-broad scopes, command/path/SSRF injection, leaked secrets — before it ships. Returns a runnable skeleton plus a security checklist. Built by someone who's shipped production MCP servers.

    Tags: mcp, model-context-protocol, mcp-server, +7

    WordPress Security Code Auditor

    by Arnstein Larsen

    $27.99

    A senior WordPress security auditor that reasons about WP-API taint flow — not regex hits — to find the 8 real plugin/theme vulnerability classes a generic scanner misses, and returns scored findings with ready-to-merge before→after patches.

    Tags: wordpress, security, audit, +10

    MCP Security Review

    by Ifásola

    $5

    Specialized static security scanner for MCP servers and Python tool handlers to prevent injection and data leaks.

    Tags: security-audit, mcp-server, static-analysis, +7

    agent skill security auditor

    by Timoranjes

    $9.9

    Evaluate third-party agent skills for command injection, prompt injection, and data exfiltration before installation.

    Tags: security, devsecops, auditing, +2

    Agent Hooks Security and Quality Gate — Audit Your Pre and Post Tool Use Hooks Before They Ship

    by PubsProToolkit

    $12

    Adversarially audit your agent hooks before you trust them. Catches command injection, secret leakage, over-broad matchers, destructive actions, and blocking-logic mistakes in pre/post-tool-use, prompt, and stop hooks — with a PASS or REVISE verdict and severity-ranked fixes.

    Tags: agent-hooks, security, claude-code, +6

    ai security auditor

    by Timoranjes

    Free

    Comprehensive security auditing for AI agents, covering prompt injection, tool permissions, and data leakage risks.

    Tags: security, ai-agents, owasp, +3

    prompt injection auditor

    by Timoranjes

    Free

    The security auditor for AI agents. Detect prompt injection, secret leaks, and unsafe tool access in SKILL.md files.

    Tags: prompt-injection, security, agent-safety, +3

    prompt failure mode auditor

    by ALBERTO “TRAlbert”

    Free

    Hardens AI prompts and agent workflows against logic errors, tool-misuse, and prompt injection.

    Tags: prompt-engineering, security, llm-ops, +2

    agent supply chain auditor

    by Timoranjes

    Free

    Structured security auditing for AI agent skills to detect prompt injection, data exfiltration, and malicious commands.

    Tags: security, devsecops, supply-chain, +3

    prompt injection auditor v2

    by Kaymue

    Free

    Audit prompts and MCP tools for prompt injection. 47 attack patterns, OWASP LLM Top 10, generates adversarial tests. CVSS-scored.

    Tags: security, llm, prompt-injection, +5

    nex accent contrast ext

    by Nex AI

    $5

    Ship a Manifest V3 Chrome extension that applies a custom accent color theme across any website.

    Tags: chrome-extension, javascript, manifest-v3, +2

    Prompt Injection & Agent Security Gate — Block Hidden Instructions Before Your Agent Acts

    by PubsProToolkit

    $14

    An adversarial security gate that audits untrusted content — web pages, tool outputs, documents, emails — for embedded instructions, exfiltration, and authority spoofing, then returns a SAFE/REVIEW/BLOCK verdict.

    Tags: prompt-injection, agent-security, ai-safety, +2

    AI Prompt Injection Defense Shield & LLM Jailbreak Security Auditor Code Review Agent

    by Brandon DeVries

    Free

    Stop leaving your AI startup exposed to malicious users trying to steal your proprietary system prompts or bypass your paywalls. The AI Prompt Injection Defense Shield is an automated code review agent that deeply analyzes your Next.js or Python backend, instantly detecting insecure LLM input fields, un-sanitized API data streams, and weak prompt boundaries. By automatically generating the exact copy-paste code patches required to harden your AI wrapper against the latest OWASP top 10 LLM vulnerabilities, this skill allows solo developers and indie hackers to confidently launch their SaaS without the fear of massive, unexpected API billing spikes or catastrophic data leaks.

    Tags: ai-prompt-injection-defense, chatgpt-jailbreak-prevention, llm-wrapper-security-audit, +10