Category · Security
Security tools
Every Security tool worth a solo builder's time - the skills, MCP servers, marketplaces and workflows in the Security category, ranked by community signal and filterable by phase, type and what you're building.
What's in the Security category
The Security category collects 1,238 curated tools including agent skills, MCP servers, marketplaces and plugins. Every one is screened against a single quality bar and ranked by real community signal, so the strongest tools surface first.
These tools show up across the build journey, including Idea, Validate, Build, Ship, Launch and Operate — use the filters below to narrow by phase, type or tool, or jump straight to a phase hub to see security tools in the context of everything else that phase needs.
TypeDescription
1Azure ComplianceSecurityskillRun Azure best-practice and compliance scans with azqr and audit Key Vault keys, secrets, and certificates before or after shipping workloads.373k1.2k
2Openclaw Secure Linux CloudSecurityskillDeploy OpenClaw on a hardened Linux cloud VPS with rootless Podman and SSH-tunneled control UI access.201k61
3Entra Agent IdSecurityskillProvision Microsoft Entra Agent Identity blueprints and per-instance agent principals, then configure OAuth fmi_path and OBO token exchange for production AI agents.99.1k1.2k
4Firebase Security Rules AuditorSecurityskillRed-team Firestore security rules after edits so solo builders catch update bypasses and authority bugs before production.40.3k345
5Firestore Security Rules AuditorSecurityskillRed-team Firestore security rules after edits so create/update gaps, authority spoofing, and abuse paths get caught before production.20.3k345
6Skill VetterSecurityskillRun a conservative, manual-first security checklist on OpenClaw SKILL.md packages before installing from ClawHub, GitHub, or shared files.19.2k62
7Gws ModelarmorSecurityskillWire Google Model Armor into your agent or SaaS so prompts and model outputs are sanitized through named templates before users see them.15.2k26.9k
8Gws Modelarmor Create TemplateSecurityskillCreate a Google Cloud Model Armor template via the gws CLI so prompts and responses can be sanitized against jailbreak and custom policies.15.1k26.9k
9Gws Modelarmor Sanitize PromptSecurityskillSanitize inbound user prompts through a Google Model Armor template before they reach your LLM or agent pipeline.14.9k26.9k
10Gws Modelarmor Sanitize ResponseSecurityskillRun Google Model Armor outbound sanitization on model-generated text before it reaches users via gws modelarmor +sanitize-response.14.9k26.9k
11Better Auth Security Best PracticesSecurityskillHarden authentication flows when shipping a SaaS or API that uses the Better Auth library.14.5k196
12Security Requirement ExtractionSecurityskillTurn product specs and compliance goals into structured security requirements with domains, priorities, and acceptance criteria before you build.13.6k36.5k
13Gdpr Data HandlingSecurityskillImplement GDPR-aligned consent records, audit trails, and data-handling patterns before shipping EU-facing SaaS or APIs.10.4k36.5k
14Security ReviewSecurityskillRun a structured security pass with FAIL/PASS patterns when you add auth, APIs, secrets, uploads, or payments.10k210k
15Secrets ManagementSecurityskillWire Vault, AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager into CI/CD so API keys and DB passwords never live in repo or plain workflow YAML.8.3k36.5k
16Best PracticesSecurityskillApply Lighthouse-aligned security, HTTPS, CSP, and compatibility fixes when modernizing or auditing a web codebase.7.6k2.2k
17Protocol Reverse EngineeringSecurityskillCapture and dissect network traffic with Wireshark, tcpdump, and mitmproxy when you need to document proprietary protocols or debug API communication.7.5k36.5k
18Api Security Best PracticesSecurityskillDesign and harden REST, GraphQL, or WebSocket APIs with auth, validation, rate limits, and defenses against common injection and abuse patterns.7.4k40.1k
19Memory ForensicsSecurityskillRun structured Volatility 3 workflows on memory dumps to list processes, network activity, DLL loads, and injection indicators during incident response.7.2k36.5k
20Threat Mitigation MappingSecurityskillMap threats to preventive, detective, and corrective controls with layers, effectiveness, and coverage scoring before release.7k36.5k
21Stride Analysis PatternsSecurityskillGenerate STRIDE threat-model documents with assets tables, per-category threat IDs, and mitigation checklists before shipping sensitive APIs or data stores.7k36.5k
22Anti Reversing TechniquesSecurityskillDeep-dive reference on packers, OEP finding, and anti-disassembly when analyzing or hardening native binaries—not for everyday web shipping.6.9k36.5k
23Sast ConfigurationSecurityskillStand up Semgrep, SonarQube, and CodeQL static analysis with custom rules, CI gates, and tuning so vulnerabilities are caught before every release.6.8k36.5k
24Binary Analysis PatternsSecurityskillLearn disassembly, calling conventions, and instruction patterns when reviewing native binaries, malware samples, or crash dumps during security work.6.8k36.5k
25Security ReviewSecurityskillReview Dockerfiles and container runtime patterns for root users, secret leakage, and unsafe base images before you deploy.6.8k776
26Pci ComplianceSecurityskillAdd PCI-minded access control and audit logging patterns when your solo SaaS stores or processes cardholder data.6.8k36.5k
27Mtls ConfigurationSecurityskillGenerate Istio PeerAuthentication and DestinationRule YAML so solo builders can enforce strict mTLS on service mesh traffic before production cutover.6.6k36.5k
28Springboot SecuritySecurityskillApply Spring Security checklists when adding auth, endpoints, validation, headers, secrets, rate limiting, or dependency CVE review in Spring Boot APIs.5.8k210k
29Django SecuritySecurityskillHarden a Django app before production by applying auth, CSRF, injection/XSS controls, and deployment-ready settings with your coding agent.5.8k210k
30Security ScanSecurityskillAudit a Claude Code `.claude/` tree for misconfigurations, injection risk, and secret leakage before you ship or share a repo.5.3k210k
31Ctf ReverseSecurityskillStudy CTF reverse-engineering writeups—signal handlers, trace inversion, and anti-analysis tricks—when unpacking protected binaries for research or hardening lessons.5k2.3k
32SemgrepSecurityskillRun Semgrep-oriented static analysis and security review patterns from Trail of Bits inside your agent before you ship code.4.9k5.6k
33Ctf WebSecurityskillInstall when you are solving or authoring CTF web challenges and need agent recall of auth bypass, collision, and injection patterns from real 2018-era writeups.4.8k2.3k
34Ctf PwnSecurityskillApply advanced CTF binary exploitation techniques (pwn) when analyzing or reproducing memory-corruption attack chains.4.6k2.3k
35CodeqlSecurityskillRun and extend CodeQL static analysis to find exploitable paths and security defects before release.4.6k5.6k
36Insecure DefaultsSecurityskillHave your coding agent hunt insecure default configurations and risky out-of-the-box settings before they ship to production.4.6k5.6k
37Google Cloud Waf SecuritySecurityskillReview a Google Cloud workload against the WAF Security pillar for IAM, network, data, and operational security recommendations.4.5k12.1k
38Ctf CryptoSecurityskillApply competition-grade crypto attack recipes (RSA, ECC, LLL, Coppersmith, padding oracles) when solving CTF challenges or auditing weak custom crypto.4.5k2.3k
39Ctf OsintSecurityskillRun structured open-source intelligence workflows during CTF geolocation and forensics challenges without ad-hoc tool hopping.4.5k2.3k
40Ctf ForensicsSecurityskillWork through CTF forensics challenges with one-liner techniques and install lists for disk, memory, PCAP, stego, blockchain, and Windows artifacts.4.4k2.3k
41Ctf MiscSecurityskillEscape bash jails and restricted shells during CTF misc challenges with documented bypass patterns, privilege escalation checklists, and minimal-command exfiltration tricks.4.3k2.3k
42Solve ChallengeSecurityskillInstall this skill when you have a CTF bundle, remote service, or mystery file and need the agent to triage category and route to the right specialized ctf-* skill instead of guessing techniques.4.3k2.3k
43Secure Workflow GuideSecurityskillRun a structured Solidity smart-contract security workflow with Slither scans, upgradeability and ERC20 conformance checks, and a consolidated report before you ship on-chain code.4.3k5.6k
44Ctf MalwareSecurityskillAnalyze obfuscated malware, C2 traffic, and binaries in CTF-style challenges using YARA, Volatility, and common RE tooling workflows.4.2k2.3k
45Security And HardeningSecurityskillApply security-first constraints while building auth, input handling, integrations, and data storage so agents do not ship obvious vulnerabilities.4.2k49.1k
46Code Maturity AssessorSecurityskillRun a structured maturity review of your codebase and security practices before release or during hardening sprints.4.2k5.6k
47Perl SecuritySecurityskillInstall when you write or review Perl (CGI, Mojolicious, Dancer2, Catalyst) and need taint mode, injection defenses, and safe DBI/process patterns.4k210k
48Golang SecuritySecurityskillInstall this when your solo Go API needs agent-guided fixes for sessions, password hashing, and other common backend security traps before you ship.4k2k
49Supply Chain Risk AuditorSecurityskillAudit third-party dependencies, build artifacts, and CI inputs for supply-chain risk before you ship or add new packages.3.9k5.6k
50Differential ReviewSecurityskillRun a security-focused differential review on PRs, commits, or diffs with blast-radius context and a written report before merge.3.9k5.6k
51Fp CheckSecurityskillTurn a suspected vulnerability report into a documented TRUE POSITIVE or FALSE POSITIVE verdict with evidence instead of panicking or ignoring noisy scanner output.3.7k5.6k
52Agentic Actions AuditorSecurityskillAudit autonomous agent workflows and action surfaces (tools, CI, integrations) for unsafe or over-privileged behavior before you ship agent features.3.7k5.6k
53Sharp EdgesSecurityskillSurface language- and API-level footguns so you fix sharp edges before they become exploits in shipped code.3.5k5.6k
54Healthcare Phi ComplianceSecurityskillApply PHI/PII classification, access control, encryption, audit logging, and leak-review patterns when building or reviewing healthcare-related features.3.5k210k
55Ctf WriteupSecurityskillProduce a fast, organizer-ready CTF solve writeup with reproducible steps and artifacts after a challenge is solved.3.4k2.3k
56Safety GuardSecurityskillBlock destructive shell and git commands and optionally confine writes when agents run against production or sensitive deploy windows.3.4k210k
57Security Best PracticesSecurityskillRun language- and framework-specific secure-by-default reviews when you explicitly want a security report or hardening guidance for Python, JavaScript/TypeScript, or Go.3.4k21.7k
58Ctf Ai MlSecurityskillRun adversarial ML playbooks—FGSM, PGD, C&W, patches, poisoning, and backdoor checks—when solving CTF or red-team ML challenges.3.3k2.3k
59Variant AnalysisSecurityskillHunt for additional instances of a known bug or vulnerability pattern across a repo after one finding, so fixes are comprehensive before ship.3.3k5.6k
60Security ReviewerSecurityskillWire infrastructure and CI security scanning—Semgrep, Gitleaks, Trivy, Checkov, and cloud hardening—before you ship or operate cloud workloads.3.3k9.7k
Showing the top 999 of 1,238 tools · search to find the rest.
Explore more
Security tools — common questions
What counts as a Security tool?
It's any agent skill, MCP server, marketplace or workflow whose job is security work. Skillselion groups the whole catalog into a handful of canonical categories so a single page collects every security tool across all four types in one place.
How are Security tools ranked?
By real community signal — installs, GitHub stars and votes — not paid placement. Sponsored slots, when present, are labelled and kept out of the ranking.
Are these Security tools free?
The listings are open-source skills, MCP servers, marketplaces and workflows, installable with a single command. Skillselion is an independent directory, not the vendor.