mobile-backend
vmaster
io.github.wgpsec/AboutSecurity/mobile-backend
移动 App 后端 API 安全测试。当目标是移动应用的后端接口、发现 /api/v1/ 等移动端 API 路径、或需要测试 App 与服务器之间的通信安全时使用。覆盖 API 端点发现、认证机制测试、业务逻辑漏洞、移动端特有的安全问题
共 451 个资源 · Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
“security” 共 451 个结果
vmaster
io.github.wgpsec/AboutSecurity/mobile-backend
移动 App 后端 API 安全测试。当目标是移动应用的后端接口、发现 /api/v1/ 等移动端 API 路径、或需要测试 App 与服务器之间的通信安全时使用。覆盖 API 端点发现、认证机制测试、业务逻辑漏洞、移动端特有的安全问题
vmaster
io.github.wgpsec/AboutSecurity/mcp-security
MCP (Model Context Protocol) 协议安全测试方法论。当目标环境使用 MCP Server 集成外部工具、 需要评估 MCP 工具描述安全性、或测试 Agent 通过 MCP 调用工具时的安全边界时触发。 覆盖: 工具描述投毒、地毯式骗局(动态篡改)、指令覆盖(Shadow Tool)、隐藏指令(ANSI/Unicode)、 跨 Server 攻击、Token 窃取、Schema 操纵、上下文溢出。
vmaster
io.github.wgpsec/AboutSecurity/database-tactics
数据库服务攻击方法论。当发现 Redis(6379)、MSSQL(1433)、PostgreSQL(5432)、MySQL(3306)、MongoDB(27017) 等数据库端口时使用。覆盖未授权访问、弱口令爆破、命令执行、文件读写、提权。任何涉及数据库攻击、数据库提权、数据库利用的场景都应使用此技能
vmain
io.github.open-edge-platform/anomalib/fastapi-rest-api-design
Designs and reviews REST APIs for FastAPI services using consistent resource naming, HTTP semantics, validation, security, and error handling patterns. Use for backend API tasks, endpoint design/refactors, or API review requests in FastAPI/Python projects.
vdevelop
io.github.HoangNguyen0403/agent-skills-standard/typescript-security
Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
vdevelop
io.github.HoangNguyen0403/agent-skills-standard/typescript-security
Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
vdevelop
io.github.HoangNguyen0403/agent-skills-standard/nextjs-security
Secure Next.js App Router with middleware auth, Server Action validation, CSP headers, and taint APIs. Use when adding authentication middleware, validating Server Action inputs with Zod, or preventing secret leakage to client bundles.
vmain
io.github.getsentry/sentry-mcp/mcp-audit
Audit MCP servers for protocol compliance, metadata drift, and compatibility regressions. Use when reviewing tool annotations, tool/result schemas, structured output, lifecycle/init handshake, capabilities, prompts/resources support, transports, auth, security, version drift, or Warden/CI MCP compatibility checks. Trigger phrases include "audit MCP", "check MCP spec compliance", "review tool hints", "validate tools/list", "check initialize handshake", "review prompt or resource capabilities", and "check MCP compatibility in Warden".
vmain
io.github.nearai/ironclaw/security-review
Security audit for code changes and PRs — OWASP top 10, auth flows, data handling, secrets exposure, supply chain risks. Writes findings as actionable items.
vmain
io.github.gsd-build/gsd-2/security-review
Threat-model-driven security review of a change, feature, or subsystem. Runs a STRIDE-style pass (Spoofing, Tampering, Repudiation, Info disclosure, Denial of service, Elevation of privilege), examines the actual code, and produces a filing-ready report with severity, exploit scenario, and concrete remediation. Use when asked to "security review", "threat model", "check for vulnerabilities", "audit this for security", "secure this", or before shipping any change that touches auth, input handling, data access, or external surfaces.
vmain
skillsmp.s7safe-android-h1-skill-md
移动安全漏洞挖掘知识库,基于HackerOne公开报告提供Android和iOS应用的漏洞挖掘手法、技术细节和代码模式分析;用于安全研究人员和漏洞挖掘者学习参考、代码审计和漏洞检测指导。
vmaster
io.github.wgpsec/AboutSecurity/sqlmap-advanced
sqlmap 高级用法完整参考。当确认存在 SQL 注入需要用 sqlmap 自动化利用时使用。覆盖 POST/Cookie/Header 注入、tamper 脚本选择、--technique 精确控制、二次注入、OS shell/文件读写、数据库提取优化
vmain
io.github.nearai/ironclaw/code-review
Paranoid architect review of code changes for bugs, security, missing tests, and undocumented assumptions. Works on local git diffs OR a GitHub pull request (e.g. `owner/repo N`). For PRs, can post findings as line-level review comments.
vnext
io.github.webiny/webiny-js/security
API — Security & Auth — 53 abstractions. Authentication, API keys, roles, users, teams event handlers and use cases.
vmain
io.github.Tibsfox/gsd-skill-creator/kubernetes-patterns
Provides Kubernetes resource management, Helm chart patterns, service mesh configuration, and autoscaling strategies. Covers HPA, VPA, KEDA, operators, security contexts, and namespace isolation. Use when user mentions 'kubernetes', 'k8s', 'helm', 'istio', 'linkerd', 'service mesh', 'HPA', 'VPA', 'KEDA', 'pod security', 'resource quotas', 'operators'.
vmain
io.github.sickn33/antigravity-awesome-skills/codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
vmain
io.github.sickn33/antigravity-awesome-skills/codebase-audit-pre-push
Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.
vmain
io.github.sickn33/antigravity-awesome-skills/code-review-checklist
Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability
vmain
io.github.sickn33/antigravity-awesome-skills/mobile-security-coder
Expert in secure mobile coding practices specializing in input validation, WebView security, and mobile-specific security patterns.
vmain
io.github.sickn33/antigravity-awesome-skills/backend-security-coder
Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
vmain
io.github.sickn33/antigravity-awesome-skills/frontend-mobile-security-xss-scan
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi
vmain
io.github.sickn33/antigravity-awesome-skills/frontend-security-coder
Expert in secure frontend coding practices specializing in XSS prevention, output sanitization, and client-side security patterns.
vmain
io.github.sickn33/antigravity-awesome-skills/security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
vmain
io.github.sickn33/antigravity-awesome-skills/security-scanning-security-hardening
Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.