Find the perfect skill
Compliance Manager Guardian
Security
Enforces non-negotiable compliance rules when editing core/security/compliance-manager.js, preserving PCI card masking, GDPR consent/encryption, PSD2 strong customer authentication, SOX audit trails, and HIPAA health data protection. Use this skill when modifying compliance validators, security handling, or audit flows to prevent accidental weakening of regulatory controls.
StackHawk Security Onboarding
Security
Automatically analyzes a repository to determine if it's a candidate for API security testing with StackHawk. If appropriate, generates a pull request with a stackhawk.yml configuration, GitHub Actions workflow, and documentation. Helps development teams set up automated security testing for their APIs.
Web Dependency Security Scan
Security
Scan a deployed website to detect outdated frontend libraries, CMS platforms, and security header misconfigurations. It interactively collects the target URL and scan scope, then triggers a specialized agent to identify known CVEs and generate a detailed security report without requiring source code access.
XSS Injection and Client-Side Attacks
Security
Executes Cross-Site Scripting (XSS) and client-side injection attacks such as clickjacking. Helps identify and exploit vulnerabilities where malicious scripts can be injected into web pages viewed by other users. Works with Burp Suite, Dalfox, and XSStrike to test reflected, stored, and DOM-based XSS.
ClawGuard Security Layer
Security
Intercepts shell commands, file operations, and network requests before execution, enforcing a customizable security policy. Actions can be automatically allowed, blocked, or held for human approval. Use it to prevent accidental or malicious changes to your system.
Compliance Mapping to Security Frameworks
Security
Maps threats and controls to compliance frameworks like OWASP Top 10, SOC2, PCI-DSS, HIPAA, and GDPR. Generates compliance reports with coverage percentages and identifies gaps. Use when checking compliance status, mapping to security frameworks, or generating audit documentation.
Authentication & Authorization Review
Security
Reviews authentication and authorization designs—including JWT, OAuth, RBAC/ABAC—by tracing login flows, token management, route protection, and privilege escalation risks. Helps security engineers audit auth modules for misconfigurations and hardcoded vulnerabilities.
Outbound Interaction & OOB Detection
Security
Security assessment skill focused on verifying outbound interactions and out-of-band (OOB) validation. Used for testing SSRF, blind XSS, XXE/OOB, webhook abuse, or DNS/HTTP callback correlation. It enables reliable confirmation of asynchronous server-side behavior through unique tokens, timestamp correlation, and noise filtering.
Better Auth JWT Authentication Setup
Security
This skill provides guidance for configuring Better Auth with JWT for secure user authentication. It covers JWT token creation, password hashing, user signup and login, and session management using FastAPI dependencies. Useful for implementing user authentication in web applications.
Authentication Flow Builder
Security
Implement secure authentication flows with JWT, OAuth2, OIDC, and multi-factor authentication.
Azure Role Selector
Security
Helps users select the most appropriate Azure role with least privilege for their desired permissions. Uses Azure documentation to find built-in roles or generates a custom role, then provides CLI commands and a Bicep snippet to assign the role.
Abuselpdb Automation via Rube MCP
Security
Automate Abuselpdb operations (IP/domain abuse reporting) via Composio's toolkit through Rube MCP. Helps when you need to programmatically manage abuse reports, check IPs, or automate workflows without manual API calls.