Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
code-review
Thorough code review for Rust/WebAssembly projects. Identifies bugs, security issues, performance problems, and maintainability concerns. Provides actionable feedback with specific suggestions.
security-review
当添加身份认证(authentication)、处理用户输入、使用凭据(secrets)、创建 API 端点或实现支付/敏感功能时,请使用此技能。提供全面的安全检查清单和模式。
examples
This Claude Skill provides a comprehensive project-level CLAUDE.md template for software development teams, covering code organization, style guidelines, testing practices, security measures, and development workflows.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
docker-deploy
Create Docker configurations and deployment workflows for Scrapy projects when containerizing spiders or deploying to production. Generates Dockerfiles, docker-compose setups, and orchestration configurations.
auth-system
Implement authentication and authorization systems including JWT, session-based, role-based access control (RBAC), and OAuth integration
deployment-guide
Production deployment guidance for Quart applications including Docker, Hypercorn configuration, environment management, monitoring, and performance tuning. Activates when deploying or optimizing for production.
managing-gitlab-pipelines
REQUIRED Python scripts for GitLab CI/CD pipeline automation. MUST be loaded before triggering pipelines, launching manual jobs, monitoring pipeline status, or collecting job logs. Contains authoritative documentation on batch operations, pattern matching, watch mode, and failure analysis workflows. Invoked by gitlab-cicd-specialist agent.
backend-development
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
skill-security-analyzer
Comprehensive security risk analysis for Claude skills. Use when asked to analyze security risks, review security stance, audit skills for vulnerabilities, check security before deployment, or evaluate safety of skill files. Triggers include "analyze security," "security risks," "security audit," "security review," "is this skill safe," or "check for vulnerabilities."
code-quality-gate
Enforces automated quality checks before every deploy. Prevents production failures through a 5-stage Quality Gate System (Pre-Commit, PR-Check, Preview, E2E, Production). Activate on code changes, deployments, PR reviews, build failures.
security-best-practices
Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.
security-dependency-scanning
Guide for conducting comprehensive web dependency security scans to identify outdated libraries, CVEs, and security misconfigurations. Use when analyzing deployed websites for dependency vulnerabilities.
kube-audit-kit
Performs read-only Kubernetes security audits by exporting resources, sanitizing metadata, grouping applications by topology, and generating PSS/NSA-compliant audit reports. Use when the user requests auditing Kubernetes clusters, Namespaces, security reviews, or configuration analysis.
physical-security-agent
Imported from https://github.com/starwreckntx/IRP__METHODOLOGIES-.
wireless-security-agent
Imported from https://github.com/starwreckntx/IRP__METHODOLOGIES-.
security-auth
Imported from https://github.com/ajianaz/skills-collection.
stripe-skill
Guide for integrating Stripe payments into an existing project. Covers one-time payments, subscriptions, and advanced patterns with security best practices.
security-audit
Imported from https://github.com/terraphim/opencode-skills.
full-stack-optimizer
Multi-agent orchestration for comprehensive frontend + backend improvements. Use when user requests "improve the app", "optimize functionality", "make it perfect", or "enhance the system". Deploys specialized agents for parallel analysis and implementation.
security-scanner
Scans code for security vulnerabilities using Snyk, Trivy, Bandit (Python), ESLint security plugins, or CodeQL. Detects SQL injection, XSS, CSRF, hardcoded secrets (API keys, passwords), dependency vulnerabilities (CVEs), insecure configurations, and OWASP Top 10 issues. Generates security reports with severity ratings and remediation steps. Use during code review, before deployment, in CI/CD pipelines, investigating security issues, passing security audits, or enforcing security best practices.
devops
Imported from https://github.com/terraphim/opencode-skills.
reverse-engineering-quick
A security analysis skill for fast binary triage, extracting indicators of compromise, and initial malware assessment through static disassembly and string reconnaissance.
code-review-assistant
A multi-agent code review skill that provides systematic PR analysis with specialized reviewers for security, performance, style, tests, and documentation, offering detailed feedback and auto-fix suggestions.