SKILL.md files package domain expertise into something any AI agent can use. Drop one into your project and your agent learns how to process PDFs, design interfaces, write tests, or whatever the skill teaches.
83 skills
Stop pasting API keys into AI chat. When you paste sk-proj-xxx into Claude Code, that secret is now in your conversation history, Anthropic's logs, and potentially exposed to prompt injection attacks. secretctl fixes this. Your AI gets command results, never secret values. Every day, developers paste secrets into AI coding assistants: This is a security incident waiting to happen. - Secrets in con
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Create a new App Store Connect app record via browser automation. Use when there is no public API for app creation and you need an agent to drive the New App form.
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api.
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
Expert in secure frontend coding practices specializing in XSS
Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication.
Expert network engineer specializing in modern cloud networking,
For the best experience, use Pipedream's hosted MCP server which provides: - 2,800+ APIs and 10,000+ tools through a single server - Built-in authentication: no manual token management required - Multiple tool modes: sub-agent and full configuration - Automatic app discovery - Enterprise-grade reliability and security 🚀 Get started: Pipedream MCP Documentation This reference implementation shows
Build Slack apps using the Bolt framework across Python, JavaScript, and Java. Covers Block Kit for rich UIs, interactive components, slash commands, event handling, OAuth installation flows, and Workflow Builder integration. Focus on best practices for production-ready Slack apps. Use when: slack bot, slack app, bolt framework, block kit, slash command.
A powerful Microsoft SQL Server MCP (Model Context Protocol) server that enables Claude Desktop to interact with SQL Server databases through natural language queries. - 🤖 AI-Ready: Seamless integration with Claude Desktop and MCP protocol - 🔍 Smart Queries: Execute SQL queries in CSV or JSON format through natural language - 🔐 Secure Authentication: Support for SQL Server Auth, Windows Auth, a
Production-ready Rust SDK for the Model Context Protocol (MCP) with zero-boilerplate development and progressive enhancement. Build MCP servers in seconds with automatic schema generation, type-safe handlers, and multiple transport protocols. - Rust 1.89.0+ (Edition 2024) - Check with rustc --version - Tokio async runtime Add to your Cargo.toml: Or with cargo: TurboMCP uses feature flags for progr
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.
Enterprise-grade Chrome automation for AI agents with compliance-ready logging Enterprise Features • Compliance Logging • Security Features • Quick Start • Docker Deploy Built for corporate environments where security, compliance, and auditability are non-negotiable. SIEM-ready logging in industry-standard formats. Every tool execution, credential access, and security event is logged. - authentica
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.
Build communication features with Twilio: SMS messaging, voice calls, WhatsApp Business API, and user verification (2FA). Covers the full spectrum from simple notifications to complex IVR systems and multi-channel authentication. Critical focus on compliance, rate limits, and error handling. Use when: twilio, send SMS, text message, voice call, phone verification.
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
A personal MCP (Model Context Protocol) server for securely storing and accessing API keys across projects using the macOS Keychain. ServeMyAPI allows you to store API keys securely in the macOS Keychain and access them through a consistent MCP interface. This makes it easy to: - Store API keys securely (they're never visible in .env files or config files) - Access the same keys across multiple pr
Use when you need to address review or issue comments on an open GitHub Pull Request using the gh CLI.
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
Triggers on stock/market analysis, investment research, earnings, valuations, sentiment queries.
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability defin
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.