Find the perfect skill
Security Audit Scanner
Security
Analyzes code to detect OWASP Top 10 vulnerabilities.
OWASP Security Checklist
Security
Generates application security checklists based on the OWASP Top 10.
Threat Model Generator
Security
Generates threat model documents with STRIDE analysis.
Attack Tree Construction
Security
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Threat Analysis (STRIDE/PASTA)
Security
Systematically identifies and analyzes threats using STRIDE or PASTA frameworks. Generates a threat catalog, attack trees, abuse cases, and a prioritized risk register. Useful when modeling security threats or performing risk assessments.
Perplexity Policy & Guardrails
Security
Implements ESLint rules, pre-commit hooks, and CI policy checks to enforce Perplexity best practices (API key handling, error handling, strict typing). Useful when setting up code quality controls for Perplexity integrations.
Ffind - Advanced File Finder
Security
Tool that analyzes files and directories, identifies file types, and extracts embedded filesystems like ext2/3/4 and F2FS. Useful for firmware analysis and IoT device security assessments. It can output results in text or JSON format.
Security Audit Phase 1
Security
First phase of the security audit pipeline that scans the codebase (src/app) for vulnerabilities like unprotected endpoints, missing input validation, authorization gaps, and exposed secrets. Outputs a prioritized findings list in SECURITY_PLAN.md. Use after /full-security-audit or invoke directly with '/1-security-audit'.
Vulnerability Scanning with Tekton and Trivy
Security
Generate a Tekton Task that uses Trivy to scan a container image for critical and high vulnerabilities, failing the pipeline if any are found. The task takes the image name as a parameter and runs the trivy command with exit code 1. Useful for integrating vulnerability scanning into CI/CD pipelines built with Tekton.
Dynamic JavaScript Security Audit
Security
Performs a comprehensive security audit of dynamically loaded JavaScript dependencies in a web application. It scans the codebase for script injection patterns, dynamic imports, third-party scripts, iframes, and service workers, then evaluates supply chain risks, XSS vectors, and best practices like CSP and SRI. Helps developers identify and fix security issues without breaking existing functionality.
RBAC Permission System Designer
Security
Design and implement role-based access control systems with fine-grained permissions and policy enforcement.
Abuselpdb Automation via Rube MCP
Security
Automate Abuselpdb operations (IP/domain abuse reporting) via Composio's toolkit through Rube MCP. Helps when you need to programmatically manage abuse reports, check IPs, or automate workflows without manual API calls.