Security Skills
Skills for security-conscious developers — OWASP scanning, secrets detection, dependency auditing, and threat modeling.
OWASP Scanner
Scans codebases against the OWASP Top 10 — injection flaws, broken auth, XSS, CSRF, and insecure deserialization with remediation guidance per finding.
Secrets Detector
Scans repositories for accidentally committed secrets — API keys, tokens, passwords, and private keys — with Git history analysis and rotation guidance.
Dependency Auditor
Audits npm, pip, cargo, and Maven dependencies for known CVEs — severity ratings, patch versions, and safe upgrade paths for each vulnerable package.
SQL Injection Checker
Detects SQL injection vulnerabilities in query construction — parameterized query rewrites, ORM alternatives, and input sanitization recommendations.
Security Review
Performs security-focused code reviews — authentication flaws, authorization bypasses, data exposure risks, and cryptographic misuse across any language.
Threat Modeler
Generates STRIDE threat models from architecture diagrams — data flow analysis, trust boundary identification, and mitigations mapped to attack vectors.