security
vmaster
io.github.static-web-server/static-web-server/security
Review or implement security measures for the Static Web Server (SWS) project — path traversal prevention, TLS, security headers, CORS, and input validation
共 3,564 个资源 · Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
“git” 共 3,564 个结果
vmaster
io.github.static-web-server/static-web-server/security
Review or implement security measures for the Static Web Server (SWS) project — path traversal prevention, TLS, security headers, CORS, and input validation
vmaster
io.github.static-web-server/static-web-server/testing
Write or review tests for the Static Web Server (SWS) project — unit tests, integration tests, test fixtures, and mocking strategies
vmaster
io.github.SRombauts/SQLiteCpp/sqlitecpp-workflow
SQLiteCpp change workflow checklists for API, tests, build files, and CHANGELOG updates. Use when adding a method or class, editing build files, or writing a CHANGELOG entry for a PR.
vmain
io.github.PrefectHQ/fastmcp/review-pr
Monitor and respond to automated PR reviews (Codex bot). Use when pushing a PR, checking review status, or responding to bot feedback. Handles the full cycle of push -> wait for review -> evaluate comments -> fix -> re-push.
vmain
io.github.imbhargav5/nextbase-nextjs-supabase-starter/nextjs-cache-components
Code generation and conversion for Next.js 16 applications using Cache Components (PPR). Use when the user requests to "convert to use cacheComponents" at project or page level, create new Next.js pages/components with proper caching directives, split pages into cached and dynamic sections with Suspense boundaries, or work with Next.js 16's new caching model including use cache, cacheLife, Suspense, and anonymous Supabase clients for cache-friendly data fetching.
vmain
io.github.sickn33/antigravity-awesome-skills/sql-sentinel
Audit SQL for the cost & performance anti-patterns that burn warehouse credits. Scores warehouse health 0-100 and outputs a prioritized cost-reduction plan for BigQuery, Snowflake, Redshift, and Postgres.
vmain
io.github.xberg-io/xberg/api-server-mcp
REST API server and MCP protocol integration
vmain
io.github.ruvnet/ruflo/security-scan
Run full security scans on the codebase using Ruflo security tools. Use when reviewing PRs for security regressions, auditing auth/input-handling code, before production deploys, or when the user asks for a security check at quick/standard/deep depth.
vmain
io.github.bdfinst/agentic-dev-team/docker-image-audit
Audit Docker images and Dockerfiles for security vulnerabilities, bloat, and best-practice violations using hadolint, Trivy, and Grype. Produces a structured severity report with actionable fixes. Use this skill whenever the user wants to check a Docker image for security issues, scan a container for vulnerabilities, audit a Dockerfile, harden a Docker image, reduce image size, minimize attack surface, check for CVEs in a container, or says things like "is this Dockerfile secure?", "scan my image", "check my container for vulnerabilities", "how can I make this image smaller?", "audit my Docker setup", or "harden this container". Also trigger when the user has just created or modified a Dockerfile and wants validation before shipping it.
vmain
io.github.bdfinst/agentic-dev-team/docker-image-create
Generate production-ready Dockerfiles from project source code. Detects language/framework automatically and produces multi-stage builds with minimal, distroless, or slim base images. Use this skill whenever the user wants to containerize an application, create a Dockerfile, dockerize a project, build a Docker image, or says things like "make this run in Docker", "create a container for this app", "I need a Dockerfile", "package this for deployment", or "containerize this service". Also trigger when the user has an existing Dockerfile and wants it rewritten for production use, or when they ask about Docker best practices for their project.
vmain
io.github.TheDecipherist/claude-code-mastery-project-starter-kit/css-structure
Where CSS should live. Claude defaults to dumping a giant <style> block or scattering style="..." attributes instead of putting styles in a .css file and linking it. Use when building or editing a web page or component, or whenever about to write a style attribute or an embedded style block. Covers defaulting to an external stylesheet, why inline style attributes are a trap, and the few cases where inline is actually correct (dynamic values via custom properties, critical CSS, single-file artifacts, email).
vmain
io.github.TheDecipherist/claude-code-mastery-project-starter-kit/docker-swarm
Production Docker Swarm deployment rules: what changes when a compose file goes from a single node to a multi-node Swarm. Use when writing or reviewing a stack file, a deploy block, an overlay network, or anything deployed with docker stack deploy. Covers the directives Swarm silently ignores, why fixed IPs and bind mounts break, the deploy orchestration block, and the exit-code and healthcheck discipline that Swarm self-healing depends on. Complements the docker skill, which covers writing the image and compose file itself.
vmain
io.github.TheDecipherist/claude-code-mastery-project-starter-kit/docker
Production Docker best practices for writing Dockerfiles, Compose files, and Swarm stacks. Use whenever creating or editing a Dockerfile, a docker-compose / compose.yaml, or a stack file, or building and optimizing an image. Fixes the handful of things Claude reliably gets wrong: multi-stage builds, layer-cache ordering, exec-form ENTRYPOINT for correct signals and exit codes, init:true, keeping secrets and env out of the image, non-root users, and healthchecks. From production, not defaults.
vmain
io.github.EveryInc/compound-engineering-plugin/ce-doc-review
Review requirements, plans, or specs with role-specific lenses. Use when the user wants to improve an existing planning document.
vmain
io.github.mono/SkiaSharp/security-audit
Audit SkiaSharp's native dependencies for security vulnerabilities and CVEs, including Component Governance (CG) alerts from the SkiaSharp-Native and SkiaSharp Azure DevOps pipelines. Read-only investigation that produces a status report with recommendations. Use when user asks to: - Audit security issues or CVEs - Check CVE status across dependencies - Find security-related issues and their PR coverage - Get an overview of open vulnerabilities - See what security work is pending - Check Component Governance alerts - Review CG alerts from the native build pipeline Triggers: "security audit", "audit CVEs", "CVE status", "what security issues are open", "check vulnerability status", "security overview", "what CVEs need fixing", "CG alerts", "component governance", "check container CVEs". This skill is READ-ONLY. To actually fix issues, use the `native-dependency-update` skill.
vmain
io.github.elastic/kibana/review-connector
Review connector spec changes (spec, docs). Use when reviewing a PR involving connector specs, doing post-creation review after create-connector or build-connector, or preparing a connector PR checklist.
vdev
io.github.ethereum/ethereum-org-website/design-system
Use when building, refactoring, or styling any UI in the ethereum.org Next.js site (`src/components/`, `app/`, `src/styles/`, `public/content/`, or any `.tsx`/`.mdx`/`.css` change that affects the rendered UI). Provides canonical component choices, design tokens, RTL/i18n rules, server/client guidance, and the "use a variant, not a new component" pattern for the project's Tailwind v4 + Radix + shadcn-style design system.
vmaster
io.github.SRombauts/SQLiteCpp/sqlitecpp-coding-standards
SQLiteCpp coding standards and API rules for core edits, public headers, style, and Doxygen.
vnext
io.github.ComposioHQ/composio/python-testing
Select and run Python SDK verification with nox, Makefile targets, Ruff, mypy, pytest markers, sanity tests, type inference checks, and build checks. Use when adding Python tests, diagnosing Python CI, or validating Python SDK/provider changes. Do not use for TypeScript-only checks.
vnext
io.github.ComposioHQ/composio/python-sdk
Implement or modify Python SDK behavior under python/composio, including tools, toolkits, sessions, auth configs, connected accounts, client integration, and shared Python models. Use for Python core runtime/API work; pair with python-testing and cross-sdk-parity when TypeScript must match.
vnext
io.github.ComposioHQ/composio/python-release
Handle Python SDK release, build, bump, packaging metadata, PyPI client pin, uv.lock, nox/build workflow, and publish verification changes. Use for Python release process work or dependency pin bumps; do not use for ordinary Python feature implementation.
vnext
io.github.ComposioHQ/composio/python-providers
Create, modify, test, or package Python provider adapters under python/providers, including framework-specific dependencies, public imports, type inference, and provider metadata. Use for Python provider work only; use python-sdk for core SDK changes.
vnext
io.github.ComposioHQ/composio/typescript-testing
Select and run TypeScript SDK verification for packages, examples, type checks, linting, builds, Vitest suites, and runtime E2E tests. Use when adding tests, diagnosing TypeScript CI, choosing a focused test command, or validating TypeScript package changes. Do not use for Python-only checks.
vnext
io.github.ComposioHQ/composio/typescript-sdk
Implement or modify TypeScript SDK behavior in @composio/core or shared TypeScript packages, including tools, toolkits, sessions, auth configs, connected accounts, modifiers, and generated SDK surfaces. Use for TS runtime/API work; pair with typescript-testing for verification and cross-sdk-parity when Python must match.