Security AI Agent Skills

Context compaction for AI code assistants – Give your AI structured, token-efficient access to 17+ languages including Elixir, Python, TypeScript, JavaScript, Rust, and more. Quick Install · Security · Developers · AI Assistants · Docs The core problem: AI code assistants waste context on blind searches. Grep dumps entire files when you only need a function signature, leaving less room for actual

Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I

You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi

Static Application Security Testing (SAST) for code vulnerability

This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.

Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities

Expert reverse engineer specializing in binary analysis,

Expert security auditor specializing in DevSecOps, comprehensive

A standalone MCP server for API testing and management, allowing AI assistants to interact with RESTful APIs through natural language. Postmancer is an MCP (Model Context Protocol) server that enables AI assistants like Claude to make HTTP requests, manage collections of API endpoints, and test API responses. It provides similar functionality to tools like Postman or Insomnia but designed specific

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

You are an expert in PHP (8.

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

Daisys-mcp is a beta version and doesn't have a stable release yet. But you can try it out by doing the following: 1. Get an account on Daisys and create an username and password. If you run on mac os run the following command: If you run on linux run the following command: 2. Add the following configuration to the mcp config file in your MCP client (Claude Desktop, Cursor, mcp-cli, mcp-vscode, et

An MCP (Model Context Protocol) server that enables running Bruno collections. This server allows LLMs to execute API tests using Bruno and get detailed results through a standardized interface. Run Bruno collections using the Bruno CLI Support for environment files Support for environment variables Detailed test results including: Overall success/failure status Test summary (total, passed, failed

|

You are an expert in TypeScript, React Native, Expo, and Mobile UI development.

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability defin

Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart.

MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management. Currently, MCP-Dandan is listed in well-known MCP-related open-source collections and can be found in the following repositories: - Awesome MCP Servers – Security -

Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.

A Model Context Protocol server implementation for ChatterBox, enabling AI agents to interact with online meetings and generate meeting summaries. The ChatterBox MCP Server provides tools for AI agents to: - Join online meetings (Zoom, Google Meet, or Microsoft Teams) - Capture transcripts and recordings - Generate meeting summaries To install chatterboxio-mcp-server for Claude Desktop automatical

You are an expert in Solidity and smart contract security.

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.