🛡️ GitHub Actions Permission Hardener
Audit and harden GitHub Actions workflows against overbroad permissions, secrets exposure, and supply-chain risks.
Ship agent workflows in 30 seconds. Browse 2,000+ expert-built and security scanned skills. Browse skills
THE AGENSI STORE
13 skills found
Audit and harden GitHub Actions workflows against overbroad permissions, secrets exposure, and supply-chain risks.
by Roy Yuen
Secure encrypted secret management with automated health checks, expiration tracking, and rotation reminders.
by Echo Rose
Config Manager Pro - AI agent skill
by Timoranjes
Automatically generate, audit, and repair .gitignore files to prevent secrets leakage and repository pollution.
Locally scan your repository for leaked API keys, tokens, and secrets before committing or publishing code.
by Shandra
Audits Dockerfiles and Compose setups for production readiness, security risks, image size, build speed, health checks, secrets handling, and deployment compatibility.
Audit a Helm chart for insecure defaults before you deploy to Kubernetes. Flags privileged containers, allowPrivilegeEscalation, missing CPU/memory limits and requests, hostPath volumes, hostNetwork/hostPID/hostIPC sharing, readOnlyRootFilesystem not set, runAsNonRoot not enforced (or runAsUser 0), plaintext secrets in values.yaml, missing NetworkPolicy, and NodePort/LoadBalancer services exposed without restriction.
An adversarial security gate to detect and redact PII, secrets, and confidential data before sending prompts.
An adversarial reviewer for Dockerfiles and container builds. It flags root users, image bloat, unpinned or cache-busting layers, leaked secrets, and missing hardening, then returns a PASS / FIX / BLOCK verdict — before you build or push the image.
Scaffold a secure, spec-compliant MCP server from a description of the tools you want to expose. Sets up the official SDK (TypeScript or Python/FastMCP), defines tools/resources/prompts with strict JSON Schema, wires the right transport (stdio or Streamable HTTP), adds OAuth 2.1 for remote, and hardens against the MCP-specific footguns — prompt injection via tool output, token passthrough, over-broad scopes, command/path/SSRF injection, leaked secrets — before it ships. Returns a runnable skeleton plus a security checklist. Built by someone who's shipped production MCP servers.
Check your app for the security mistakes that leak data before you launch, explained in plain English. Flags API keys and secrets sitting in your code, a committed .env file, data with no login protecting it, database tables anyone can read, debug mode left on, wide-open sharing (CORS), hardcoded admin passwords, and public storage buckets. Built for non-technical founders shipping AI-built apps: every finding tells you what is wrong, why it matters, and how to fix it.
Scan your OpenClaw config for the settings that quietly hand your agent too much power: unrestricted exec, open inbound DMs, secrets committed in config, the deny-write bypass, sandbox turned off, dangerous Docker binds, and elevated tools. Read-only, plain-English findings, grounded in the OpenClaw docs.
by Timoranjes
Teaches AI coding agents to audit their own CLAUDE.md, cursor rules, and project config files for structural flaws that cause rule non-compliance. Diagnoses WHY agents ignore rules (ambiguity, contrad