These Claude Skills help security professionals identify vulnerabilities, conduct code security audits, build threat models, and navigate compliance requirements. Many are contributed by verified security researchers and organizations.
Audit AI-generated or rapidly iterated code for structural flaws, security risks, and production readiness across seven dimensions.
Audit GitHub Actions workflows for security vulnerabilities in AI agent integrations by detecting attack vectors where attacker-controlled input reaches CI/CD-deployed agents.
Implement authentication, authorization, input validation, CSRF protection, and secrets management in Spring Boot applications.
Execute systematic fuzzing attacks on REST, SOAP, and GraphQL APIs to discover vulnerabilities including IDOR, authentication bypass, and injection flaws.
Authenticate Rust applications to Azure using DeveloperToolsCredential, ManagedIdentityCredential, or ClientSecretCredential with Microsoft Entra ID.
Create, manage, and perform cryptographic operations on keys stored in Azure Key Vault using Rust SDK with complete code examples.
Authenticate and manage secrets in Azure Key Vault using Rust SDK with get, set, delete, and version control operations.
Decode compiled binaries using x86-64, ARM64, and ARM32 assembly patterns with calling conventions, control flow, and function structure recognition.
Test web applications for authentication vulnerabilities using systematic methodology across password policies, session handling, brute force, and credential stuffing attacks.
Extract and search HTTP traffic, headers, and audit findings from Burp Suite project files using regex patterns and targeted filters.
Review code for vulnerabilities across secrets, input validation, SQL injection, and authentication using domain-specific checklists and safe code patterns.
Analyze repository structure and generate safe Claude Code settings.json permissions for read-only bash commands.
Conduct risk-first security code reviews on PRs with evidence-based findings, blast radius analysis, and adversarial modeling.
Audit medical device software against 21 CFR Part 820, IEC 62304, and ISO 13485 with severity-ranked findings and corrective actions.
Execute advanced web fuzzing for penetration testing using FFUF with multi-wordlist modes, authenticated requests, and intelligent filtering.
Audit GitHub Actions workflows for exploitable vulnerabilities using real attack patterns, requiring concrete exploitation scenarios for every finding.
Identify and exploit HTML injection vulnerabilities in web applications using structured testing phases, payload examples, and remediation guidance.
Systematically identify and exploit Insecure Direct Object Reference vulnerabilities using parameter manipulation, enumeration, and Burp Suite techniques.
Review Bitcoin Lightning Network protocol designs, compare channel factory approaches, and analyze Layer 2 scaling tradeoffs with expert-level depth.
Write correct Odoo security rules: ir.model.access.csv entries, ir.rule record restrictions, and multi-company access patterns.
Execute comprehensive penetration tests using structured phases for scoping, preparation, execution, and remediation with specific task workflows.
Provide quick lookup for nmap, Metasploit, and exploitation commands during authorized security assessments.
Build privacy protections into app architecture from day one using GDPR, CCPA, LGPD principles—data minimization, consent, encryption, user rights.
Verify blockchain code implements exact specification requirements by comparing against whitepapers and design documents with evidence-based gap analysis.
Yes. The Security category includes skills for recon, attack surface mapping, vulnerability identification, and pentest report writing — all designed for authorized security testing contexts.
Several highly-rated skills in both Development and Security categories focus on identifying insecure code patterns: SQL injection, XSS, SSRF, auth flaws, and dependency vulnerabilities.
Security skills come from verified security researchers, pen testing firms, and organizations like Trail of Bits. Creator verification is shown on each skill page.