Best skills for: Security audit

Security auditing in AI-assisted coding demands skills that go beyond surface-level checks. The most valuable ones help you map code to established security frameworks (Compliance Mapping), track the threat landscape dynamically (Threat Model Status), and harden the backend against exploits (Backend Application Security). When selecting a skill, look for actionable alerts rather than generic warnings. A common pitfall is trusting AI suggestions blindly—always cross-reference with your organization's policies. Another is neglecting backend security, assuming the AI handles it. Compliance Mapping should adapt to your specific framework (SOC2, ISO27001), not be hardcoded. Threat Model Status should surface known CVEs and behavioral anomalies. For a thorough audit, combine these with manual penetration testing and code reviews. This turns your audit from a checkbox exercise into genuine risk reduction. These skills amplify your expertise but require careful oversight.

9 skills selected

Compliance Mapping to Security Frameworks

Security

Maps threats and controls to compliance frameworks like OWASP Top 10, SOC2, PCI-DSS, HIPAA, and GDPR. Generates compliance reports with coverage percentages and identifies gaps. Use when checking compliance status, mapping to security frameworks, or generating audit documentation.

Claude Code | intermediate | Safe
Skills Guide Bot

Go Vulnerability Scanner

Security

Runs a vulnerability scan for Go projects using govulncheck, detecting known vulnerabilities (CVEs) in both direct and indirect dependencies. Helps with regular security checks or CI/CD integration by reporting severity levels and suggesting update actions.

Claude Code | intermediate | Safe 2

Kubernetes Security Policies

Security

This skill covers implementing Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use it to enforce network segmentation, configure pod security standards, or set up least-privilege access controls.

Claude Code | intermediate | Safe

Security Audit Phase 1

Security

First phase of the security audit pipeline that scans the codebase (src/app) for vulnerabilities like unprotected endpoints, missing input validation, authorization gaps, and exposed secrets. Outputs a prioritized findings list in SECURITY_PLAN.md. Use after /full-security-audit or invoke directly with '/1-security-audit'.

Claude Code | intermediate | Safe

Dependency Vulnerability Scanning

Security

Scans project dependencies across ecosystems to identify known vulnerabilities, generates SBOMs, and suggests automated remediation. Helps during security audits or for supply chain compliance and risk assessment.

Claude Code | intermediate | Safe 2

Better Auth JWT Authentication Setup

Security

This skill provides guidance for configuring Better Auth with JWT for secure user authentication. It covers JWT token creation, password hashing, user signup and login, and session management using FastAPI dependencies. Useful for implementing user authentication in web applications.

Claude Code, Cursor, Windsurf +2 | intermediate | Safe

MEV Security

Security

Provides structured guidance on MEV (Miner Extractable Value) concepts, common attack patterns like sandwich/frontrunning/backrunning, and mitigation strategies such as private relays and MEV blockers. Helps organize relevant resources in README files under appropriate sections.

Claude Code, Cursor, Windsurf +2 | intermediate | Safe 11

PHI Compliance Checker

Security

Scans code and data for Protected Health Information (PHI) to ensure HIPAA compliance. Use when reviewing code that handles patient data, healthcare records, or medical information. Checks for 18 HIPAA identifiers, logs, encryption, access controls, and flags PHI in comments, test data, or configuration files.

Claude Code, Cursor, Windsurf | intermediate | Safe 1

ClawGuard Security Layer

Security

Intercepts shell commands, file operations, and network requests before execution, enforcing a customizable security policy. Actions can be automatically allowed, blocked, or held for human approval. Use it to prevent accidental or malicious changes to your system.

Claude Code, Cursor, Windsurf +2 | intermediate | Safe

How to choose

How are these skills selected?
Each skill is curated and verified by the Skills Guides editorial team. We run a security and quality review on every entry, so only verified skills appear in this selection.
What do the security ratings mean?
We label skills Safe, Caution or Risky based on our security analysis — checking for prompt-injection risks, requested permissions and other red flags. The rating gives you an at-a-glance sense of how much trust a skill warrants.
How do I install a skill?
Open any skill page and follow its install instructions for your tool — Claude Code, Cursor or Copilot. Each skill lists the exact steps so you can get it running in a couple of minutes.
