Best AI agent skills for Security Professionals
These AI agent skills help security professionals identify vulnerabilities, conduct code security audits, build threat models, and navigate compliance requirements. Many are contributed by verified security researchers and organizations.
Top Security AI agent skills
Security Review
Identify vulnerabilities and enforce security best practices across authentication, input validation, and sensitive operations.
Semgrep Rule Language Porter
Port existing Semgrep security rules to new target languages with applicability analysis and test-driven validation.
Binary Assembly Analysis Patterns
Decode compiled binaries using x86-64, ARM64, and ARM32 assembly patterns with calling conventions, control flow, and function structure recognition.
SAST Code Vulnerability Scanner
Scan source code across 7 languages for injection, secrets, and framework vulnerabilities using Bandit, ESLint, Semgrep with triage workflow.
Shodan Reconnaissance For Pentesting
Systematically discover exposed services, vulnerable systems, and IoT devices using Shodan's API, CLI, and search filters during authorized penetration testing.
Spec-to-Code Compliance Auditor
Verify blockchain code implements exact specification requirements by comparing against whitepapers and design documents with evidence-based gap analysis.
Smart Contract Guidelines Advisor
Analyzes smart contract codebases against Trail of Bits best practices, generating documentation and security recommendations.
Django Security Best Practices
Implement Django authentication, authorization, CSRF protection, and secure production configurations
Web Vulnerabilities Reference Guide
Reference 100+ critical web vulnerabilities organized by category with root causes, impacts, and specific mitigations for systematic security testing.
Variant Analysis for Security
Find similar vulnerabilities across codebases using pattern-based analysis with ripgrep, Semgrep, and CodeQL after identifying an initial issue.
Burp Suite Project Parser
Extract and search HTTP traffic, headers, and audit findings from Burp Suite project files using regex patterns and targeted filters.
Laravel Security Best Practices
Implement authentication, authorization, CSRF protection, validation, and secure deployment in Laravel applications.
Laravel Security Best Practices
Implement authentication, authorization, CSRF protection, input validation, and secure deployment for Laravel applications.
Substrate Pallet Vulnerability Scanner
Scan Substrate/FRAME pallets for 7 critical vulnerabilities: arithmetic overflow, panic DoS, weight miscalculation, unsafe storage writes, unsigned validation gaps, bad randomness, and origin checks.
CISO Advisor
Quantify security risks in dollars, build compliance roadmaps, and architect zero-trust strategies for growth companies.
Differential Security Code Review
Perform risk-focused security analysis of code changes with blast radius calculation, test coverage assessment, and comprehensive markdown reports.
Ransomware Leak Site Intelligence Analysis
Monitor and analyze ransomware group data leak sites to extract threat intelligence on victim patterns, group tactics, and sector-specific risk.
Semgrep Rule Creator
Create production-quality Semgrep rules for detecting security vulnerabilities and code patterns with mandatory testing and validation.
Fuzzing Coverage Analysis
Measure code coverage during fuzzing to assess harness effectiveness and identify fuzzing blockers.
Security Scan with AgentShield
Scan Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks.
Semgrep Security Scan
Run parallel Semgrep static analysis with automatic language detection, Pro support, and merged SARIF output.
AddressSanitizer Memory Error Detection
Configure and deploy AddressSanitizer to detect buffer overflows and memory corruption bugs during C/C++ fuzzing campaigns.
Wycheproof Cryptographic Testing
Validate cryptographic implementations against Google's test vectors for known attacks and edge cases.
Bypass Fuzzing Obstacles
Patch code with conditional compilation to overcome checksums, global state, and validation barriers during fuzzing.
Frequently Asked Questions
Can AI agent skills help with penetration testing?
Yes. The Security category includes skills for recon, attack surface mapping, vulnerability identification, and pentest report writing - all designed for authorized security testing contexts.
Are there AI agent skills for code security review?
Several highly-rated skills in both Development and Security categories focus on identifying insecure code patterns: SQL injection, XSS, SSRF, auth flaws, and dependency vulnerabilities.
Who creates the security AI agent skills?
Security skills come from verified security researchers, pen testing firms, and organizations like Trail of Bits. Creator verification is shown on each skill page.
Looking for something specific?