GitHub
Skills harvested from GitHub repositories
14810 skills availablesemgrep
Run a Semgrep scan with automatic language detection, parallel execution via Task subagents, and merged SARIF output. Al...
codeql
Supported languages: Python, JavaScript/TypeScript, Go, Java/Kotlin, C/C++, C#, Ruby, Swift. Skill resources: Reference ...
git-cleanup
Safely clean up accumulated git worktrees and local branches by categorizing them into: safely deletable (merged), poten...
semgrep-rule-variant-creator
Port existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation. Ideal...
sarif-parsing
You are a SARIF parsing expert. Your role is to help users effectively read, analyze, and process SARIF files from stati...
libfuzzer
libFuzzer is an in-process, coverage-guided fuzzer that is part of the LLVM project. It's the recommended starting point...
dwarf-expert
This skill provides technical knowledge and expertise about the DWARF standard and how to interact with DWARF files. Tas...
aflpp
AFL++ is a fork of the original AFL fuzzer that offers better fuzzing performance and more advanced features while maint...
ask-questions-if-underspecified
Use this skill when a request has multiple plausible interpretations or key details (objective, scope, constraints, envi...
burpsuite-project-parser
Search and extract data from Burp Suite project files using the burpsuite-project-file-parser extension. Searching respo...
audit-context-building
This skill governs how Claude thinks during the context-building phase of an audit. When active, Claude will: Perform li...
supply-chain-risk-auditor
Activates when the user says "audit this project's dependencies". Assessing dependency risk before a security audit Eval...
designing-workflow-skills
Build workflow-based skills that execute reliably by following structural patterns, not prose. <essentialprinciples> <pr...
firebase-apk-scanner
You are a Firebase security analyst. When this skill is invoked, scan the provided APK(s) for Firebase misconfigurations...
vector-forge
Uses mutation testing to systematically identify gaps in test vector coverage, then generates new test vectors that clos...
semgrep-rule-creator
Create production-quality Semgrep rules with proper testing and validation. Ideal scenarios: Writing Semgrep rules for s...
second-opinion
Shell out to external LLM CLIs for an independent code review powered by a separate model. Supports OpenAI Codex CLI and...
constant-time-analysis
Analyze cryptographic code to detect operations that leak secret data through execution timing variations. User writing ...
interpreting-culture-index
<essentialprinciples> Culture Index measures behavioral traits, not intelligence or skills. There is no "good" or "bad" ...
spec-to-code-compliance
Use this skill when you need to: Verify code implements exactly what documentation specifies Audit smart contracts again...
mermaid-to-proverif
Reads a Mermaid sequenceDiagram describing a cryptographic protocol and produces a ProVerif model (.pv file) that can be...
mutation-testing
Note: muton and mewt share identical interfaces but target different languages — mewt for general-purpose languages (Rus...
gh-cli
Working with GitHub repositories, pull requests, issues, releases, or raw file URLs. You need authenticated access to pr...
ton-vulnerability-scanner
Systematically scan TON blockchain smart contracts written in FunC for platform-specific security vulnerabilities relate...