Ship · Security

Security

The security tools a solo builder reaches for in the Ship phase - every AI-coding skill, MCP server and workflow Skillselion tracks for security, ranked by community signal so you can pick the right one fast.

302 shown of 1,146
Description
1Azure ComplianceSecuritymicrosoft/azure-skillsRun Azure best-practice and compliance scans with azqr and audit Key Vault keys, secrets, and certificates before or after shipping workloads.
373k1.2k
2Azure KubernetesAutomationmicrosoft/azure-skillsFix Kubernetes manifests for AKS Automatic compatibility constraints like resources, seccomp, and capabilities.
204k1.2k
3Openclaw Secure Linux CloudSecurityxixu-me/skillsDeploy OpenClaw on a hardened Linux cloud VPS with rootless Podman and SSH-tunneled control UI access.
201k61
4Secure Linux Web HostingMonitoring & Cloudxixu-me/skillsRoute secure Linux web hosting steps by distro family instead of copying Debian commands blindly.
200k61
5Entra Agent IdSecuritymicrosoft/azure-skillsProvision Microsoft Entra Agent Identity blueprints and per-instance agent principals, then configure OAuth fmi_path and OBO token exchange for production AI agents.
99.1k1.2k
6Firebase Security Rules AuditorSecurityfirebase/agent-skillsRed-team Firestore security rules after edits so solo builders catch update bypasses and authority bugs before production.
40.3k345
7Firestore Security Rules AuditorSecurityfirebase/agent-skillsRed-team Firestore security rules after edits so create/update gaps, authority spoofing, and abuse paths get caught before production.
20.3k345
8Skill VetterSecurityuseai-pro/openclaw-skills-securityRun a conservative, manual-first security checklist on OpenClaw SKILL.md packages before installing from ClawHub, GitHub, or shared files.
19.2k62
9Docker ExpertAutomationsickn33/antigravity-awesome-skillsHarden Dockerfiles, multi-stage builds, and container runtime settings before you ship or run a solo product in production.
18.7k40.1k
10Gws ModelarmorSecuritygoogleworkspace/cliWire Google Model Armor into your agent or SaaS so prompts and model outputs are sanitized through named templates before users see them.
15.2k26.9k
11Gws Modelarmor Create TemplateSecuritygoogleworkspace/cliCreate a Google Cloud Model Armor template via the gws CLI so prompts and responses can be sanitized against jailbreak and custom policies.
15.1k26.9k
12Gws Modelarmor Sanitize PromptSecuritygoogleworkspace/cliSanitize inbound user prompts through a Google Model Armor template before they reach your LLM or agent pipeline.
14.9k26.9k
13Gws Modelarmor Sanitize ResponseSecuritygoogleworkspace/cliRun Google Model Armor outbound sanitization on model-generated text before it reaches users via gws modelarmor +sanitize-response.
14.9k26.9k
14Better Auth Security Best PracticesSecuritybetter-auth/skillsHarden authentication flows when shipping a SaaS or API that uses the Better Auth library.
14.5k196
15Solidity SecurityBackend & Datawshobson/agentsHarden Solidity smart contracts with known vulnerability patterns, CEI ordering, and OpenZeppelin guards before mainnet or audit.
11.3k36.5k
16K8s Security PoliciesMonitoring & Cloudwshobson/agentsDrop ready-made Kubernetes NetworkPolicy YAML into your cluster so traffic is deny-by-default with explicit DNS, ingress, and monitoring paths.
10.6k36.5k
17Gdpr Data HandlingSecuritywshobson/agentsImplement GDPR-aligned consent records, audit trails, and data-handling patterns before shipping EU-facing SaaS or APIs.
10.4k36.5k
18Security ReviewSecurityaffaan-m/everything-claude-codeRun a structured security pass with FAIL/PASS patterns when you add auth, APIs, secrets, uploads, or payments.
10k210k
19Ai Prompt Engineering Safety ReviewAI & Agentsgithub/awesome-copilotRun a systematic safety, bias, security, and effectiveness review on any prompt before you ship it to users or agents.
9.5k34.6k
20Secrets ManagementSecuritywshobson/agentsWire Vault, AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager into CI/CD so API keys and DB passwords never live in repo or plain workflow YAML.
8.3k36.5k
21Best PracticesSecurityaddyosmani/web-quality-skillsApply Lighthouse-aligned security, HTTPS, CSP, and compatibility fixes when modernizing or auditing a web codebase.
7.6k2.2k
22Protocol Reverse EngineeringSecuritywshobson/agentsCapture and dissect network traffic with Wireshark, tcpdump, and mitmproxy when you need to document proprietary protocols or debug API communication.
7.5k36.5k
23Api Security Best PracticesSecuritysickn33/antigravity-awesome-skillsDesign and harden REST, GraphQL, or WebSocket APIs with auth, validation, rate limits, and defenses against common injection and abuse patterns.
7.4k40.1k
24Memory ForensicsSecuritywshobson/agentsRun structured Volatility 3 workflows on memory dumps to list processes, network activity, DLL loads, and injection indicators during incident response.
7.2k36.5k
25Threat Mitigation MappingSecuritywshobson/agentsMap threats to preventive, detective, and corrective controls with layers, effectiveness, and coverage scoring before release.
7k36.5k
26Stride Analysis PatternsSecuritywshobson/agentsGenerate STRIDE threat-model documents with assets tables, per-category threat IDs, and mitigation checklists before shipping sensitive APIs or data stores.
7k36.5k
27Anti Reversing TechniquesSecuritywshobson/agentsDeep-dive reference on packers, OEP finding, and anti-disassembly when analyzing or hardening native binaries—not for everyday web shipping.
6.9k36.5k
28Sast ConfigurationSecuritywshobson/agentsStand up Semgrep, SonarQube, and CodeQL static analysis with custom rules, CI gates, and tuning so vulnerabilities are caught before every release.
6.8k36.5k
29Binary Analysis PatternsSecuritywshobson/agentsLearn disassembly, calling conventions, and instruction patterns when reviewing native binaries, malware samples, or crash dumps during security work.
6.8k36.5k
30Security ReviewSecuritygetsentry/skillsReview Dockerfiles and container runtime patterns for root users, secret leakage, and unsafe base images before you deploy.
6.8k776
31Pci ComplianceSecuritywshobson/agentsAdd PCI-minded access control and audit logging patterns when your solo SaaS stores or processes cardholder data.
6.8k36.5k
32Mtls ConfigurationSecuritywshobson/agentsGenerate Istio PeerAuthentication and DestinationRule YAML so solo builders can enforce strict mTLS on service mesh traffic before production cutover.
6.6k36.5k
33Springboot SecuritySecurityaffaan-m/everything-claude-codeApply Spring Security checklists when adding auth, endpoints, validation, headers, secrets, rate limiting, or dependency CVE review in Spring Boot APIs.
5.8k210k
34Django SecuritySecurityaffaan-m/everything-claude-codeHarden a Django app before production by applying auth, CSRF, injection/XSS controls, and deployment-ready settings with your coding agent.
5.8k210k
35Terraform Style GuideMonitoring & Cloudhashicorp/agent-skillsGenerate Terraform HCL that follows HashiCorp security hardening—encryption, private networking, least-privilege SGs, logging, and no hardcoded secrets.
5.5k654
36Security ScanSecurityaffaan-m/everything-claude-codeAudit a Claude Code `.claude/` tree for misconfigurations, injection risk, and secret leakage before you ship or share a repo.
5.3k210k
37Ctf ReverseSecurityljagiello/ctf-skillsStudy CTF reverse-engineering writeups—signal handlers, trace inversion, and anti-analysis tricks—when unpacking protected binaries for research or hardening lessons.
5k2.3k
38SemgrepSecuritytrailofbits/skillsRun Semgrep-oriented static analysis and security review patterns from Trail of Bits inside your agent before you ship code.
4.9k5.6k
39Ctf WebSecurityljagiello/ctf-skillsInstall when you are solving or authoring CTF web challenges and need agent recall of auth bypass, collision, and injection patterns from real 2018-era writeups.
4.8k2.3k
40Laravel SecurityDev Toolsaffaan-m/everything-claude-codeHarden Laravel apps with middleware, policies, Form Requests, rate limiting, mass-assignment guards, and production config for auth and APIs.
4.8k210k
41Okx SecurityBackend & Dataokx/onchainos-skillsRun Onchain OS security commands to scan tokens, DApps, transactions, signatures, and token approvals before a solo builder signs or ships Web3 features.
4.6k284
42Ctf PwnSecurityljagiello/ctf-skillsApply advanced CTF binary exploitation techniques (pwn) when analyzing or reproducing memory-corruption attack chains.
4.6k2.3k
43CodeqlSecuritytrailofbits/skillsRun and extend CodeQL static analysis to find exploitable paths and security defects before release.
4.6k5.6k
44Insecure DefaultsSecuritytrailofbits/skillsHave your coding agent hunt insecure default configurations and risky out-of-the-box settings before they ship to production.
4.6k5.6k
45Google Cloud Waf SecuritySecuritygoogle/skillsReview a Google Cloud workload against the WAF Security pillar for IAM, network, data, and operational security recommendations.
4.5k12.1k
46Ctf CryptoSecurityljagiello/ctf-skillsApply competition-grade crypto attack recipes (RSA, ECC, LLL, Coppersmith, padding oracles) when solving CTF challenges or auditing weak custom crypto.
4.5k2.3k
47Ctf OsintSecurityljagiello/ctf-skillsRun structured open-source intelligence workflows during CTF geolocation and forensics challenges without ad-hoc tool hopping.
4.5k2.3k
48Ctf ForensicsSecurityljagiello/ctf-skillsWork through CTF forensics challenges with one-liner techniques and install lists for disk, memory, PCAP, stego, blockchain, and Windows artifacts.
4.4k2.3k
49Ctf MiscSecurityljagiello/ctf-skillsEscape bash jails and restricted shells during CTF misc challenges with documented bypass patterns, privilege escalation checklists, and minimal-command exfiltration tricks.
4.3k2.3k
50Secure Workflow GuideSecuritytrailofbits/skillsRun a structured Solidity smart-contract security workflow with Slither scans, upgradeability and ERC20 conformance checks, and a consolidated report before you ship on-chain code.
4.3k5.6k
51Ctf MalwareSecurityljagiello/ctf-skillsAnalyze obfuscated malware, C2 traffic, and binaries in CTF-style challenges using YARA, Volatility, and common RE tooling workflows.
4.2k2.3k
52Security And HardeningSecurityaddyosmani/agent-skillsApply security-first constraints while building auth, input handling, integrations, and data storage so agents do not ship obvious vulnerabilities.
4.2k49.1k
53Code Maturity AssessorSecuritytrailofbits/skillsRun a structured maturity review of your codebase and security practices before release or during hardening sprints.
4.2k5.6k
54Perl SecuritySecurityaffaan-m/everything-claude-codeInstall when you write or review Perl (CGI, Mojolicious, Dancer2, Catalyst) and need taint mode, injection defenses, and safe DBI/process patterns.
4k210k
55Golang SecuritySecuritysamber/cc-skills-golangInstall this when your solo Go API needs agent-guided fixes for sessions, password hashing, and other common backend security traps before you ship.
4k2k
56Supply Chain Risk AuditorSecuritytrailofbits/skillsAudit third-party dependencies, build artifacts, and CI inputs for supply-chain risk before you ship or add new packages.
3.9k5.6k
57Fp CheckSecuritytrailofbits/skillsTurn a suspected vulnerability report into a documented TRUE POSITIVE or FALSE POSITIVE verdict with evidence instead of panicking or ignoring noisy scanner output.
3.7k5.6k
58Agentic Actions AuditorSecuritytrailofbits/skillsAudit autonomous agent workflows and action surfaces (tools, CI, integrations) for unsafe or over-privileged behavior before you ship agent features.
3.7k5.6k
59Sharp EdgesSecuritytrailofbits/skillsSurface language- and API-level footguns so you fix sharp edges before they become exploits in shipped code.
3.5k5.6k
60Healthcare Phi ComplianceSecurityaffaan-m/everything-claude-codeApply PHI/PII classification, access control, encryption, audit logging, and leak-review patterns when building or reviewing healthcare-related features.
3.5k210k

Showing the top 302 of 1,146 tools · search to find the rest.

Explore more
By type
By category
By what you're building

This week for builders

Five minutes, every Monday — the tools, releases and tactics for shipping solo.

unsubscribe anytime.