Security AI Agent Skills
AI agent skills for application security. Vulnerability scanning, secure coding patterns, authentication, and audit workflows.
199 listings
Broken Authentication Testing
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
Burp Suite Web Application Testing
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
Auth Implementation Patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
Postmancer
A standalone MCP server for API testing and management, allowing AI assistants to interact with RESTful APIs through natural language. Postmancer is an MCP (Model Context Protocol) server that enables AI assistants like Claude to make HTTP requests, manage collections of API endpoints, and test API responses. It provides similar functionality to tools like Postman or Insomnia but designed specific
Solidity Security
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Deployment Engineer
Expert deployment engineer specializing in modern CI/CD pipelines,
Metasploit Framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.