Find the perfect skill
Go Vulnerability Scanner
Security
Runs a vulnerability scan for Go projects using govulncheck, detecting known vulnerabilities (CVEs) in both direct and indirect dependencies. Helps with regular security checks or CI/CD integration by reporting severity levels and suggesting update actions.
MEV Security
Security
Provides structured guidance on MEV (Miner Extractable Value) concepts, common attack patterns like sandwich/frontrunning/backrunning, and mitigation strategies such as private relays and MEV blockers. Helps organize relevant resources in README files under appropriate sections.
TwinMind Security Basics
Security
Implement security best practices for TwinMind integrations, including secure API key management, environment configuration, webhook signature validation, and data encryption at rest. This skill helps when securing API keys, configuring privacy settings, or implementing data protection for meeting recordings.
Outbound Interaction & OOB Detection
Security
Security assessment skill focused on verifying outbound interactions and out-of-band (OOB) validation. Used for testing SSRF, blind XSS, XXE/OOB, webhook abuse, or DNS/HTTP callback correlation. It enables reliable confirmation of asynchronous server-side behavior through unique tokens, timestamp correlation, and noise filtering.
HTTP Request Smuggling
Security
Provides a methodology for detecting and exploiting HTTP request smuggling vulnerabilities, including CL.TE, TE.CL, and TE.TE variants, as well as HTTP/2 smuggling. Helps identify desynchronizations between front-end and back-end servers to bypass WAFs, poison caches, or hijack credentials.
Multi-Layer Security Hardening Orchestration
Security
Coordinates multi-layer security hardening using specialized agents for vulnerability scanning, threat modeling, architecture review, and remediation. It implements defense-in-depth controls across application, infrastructure, and CI/CD pipelines. Best for running a structured security hardening program with prioritized fixes and compliance validation.
Threat Model Status
Security
Displays a comprehensive overview of the threat model state, including asset counts, threat distribution by severity, control verification status, and compliance coverage. Use it to check threat model status, get an overview of security posture, or review the current state.
Embedding Hunt
Security
Uses embedding similarity to hunt for related behaviors across the environment. Starting from a confirmed malicious finding, it discovers behavior clusters, related entities, and variations of known attack patterns. Helps assess incident scope and detect coordinated or widespread threats.
OTTO - LGPD Privacy Guardian
Security
Scans code for LGPD (Brazilian Data Protection Law 13.709/18) violations: exposed personal data (CPF, RG, email, phone), logs containing PII, and tracking without consent. Use when code accesses personal data, implements analytics/tracking, or before commits that alter data collection.
Security Control Verification
Security
Verifies that security controls from a threat model are implemented in the codebase. Searches for control implementations using code patterns, validates configurations, and identifies missing or incomplete controls. Helps when validating a threat model against actual code or finding security gaps.
RLS Templates for Supabase
Security
Provides production-ready Row Level Security policy templates for Supabase applications. Covers multi-tenant patterns, user isolation, role-based access, and AI-specific patterns like chat and embedding security. Helps quickly implement and test RLS policies to secure user data in Supabase projects.
Abuselpdb Automation via Rube MCP
Security
Automate Abuselpdb operations (IP/domain abuse reporting) via Composio's toolkit through Rube MCP. Helps when you need to programmatically manage abuse reports, check IPs, or automate workflows without manual API calls.