attack surface AI Agent Skills

Browse 63 skills related to attack surface

vulnerability-scanner

21.8k
davila7davila7

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

132 days ago

openclaw-hardener

1.8k
openclawopenclaw

Harden OpenClaw (workspace + ~/.openclaw): run openclaw security audit, catch prompt-injection/exfil risks, scan for secrets, and apply safe fixes (chmod/exec-bit cleanup). Includes optional config.patch planning to reduce attack surface.

133 days ago

attack-surface-analyzer

1.5k
Jeremylongshore Claude Code Plugins Plus Skills Attack Surface AnalyzerJeremylongshore Claude Code Plugins Plus Skills Attack Surface Analyzer

Analyze attack surface analyzer operations. Auto-activating skill for Security Advanced. Triggers on: attack surface analyzer, attack surface analyzer Part of the Security Advanced skill category. Use when analyzing or auditing attack surface analyzer. Trigger with phrases like "attack surface analyzer", "attack analyzer", "analyze attack surface r".

133 days ago

security-hardening

296
ancolemanancoleman

Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.

133 days ago

Recon

99
Steffen025Steffen025

Security reconnaissance. USE WHEN recon, reconnaissance, bug bounty, attack surface. SkillSearch('recon') for docs.

133 days ago

web-application-mapping

43
transilienceaitransilienceai

Comprehensive web application reconnaissance and mapping coordinator that orchestrates passive browsing, active endpoint discovery, attack surface analysis, and headless browser automation for complete application coverage.

133 days ago

domain-assessment

43
transilienceaitransilienceai

Domain reconnaissance coordinator that orchestrates subdomain discovery and port scanning to build comprehensive domain attack surface inventory

133 days ago

ad-security-reviewer

39
404kidwiz404kidwiz

Use when user needs Active Directory security analysis, privileged group design review, authentication policy assessment, or delegation and attack surface evaluation across enterprise domains.

132 days ago

security-threat-model

31
lyndonkllyndonkl

Use when designing or reviewing systems handling sensitive data (PII, PHI, financial, auth credentials), building features with security implications (auth, payments, file uploads, APIs), preparing for security audits or compliance (PCI, HIPAA, SOC 2), investigating security incidents, integrating third-party services, or when user mentions "threat model", "security architecture", "STRIDE", "trust boundaries", "attack surface", or "security review".

133 days ago

supabase-audit-buckets-list

31
yoanbernabeuyoanbernabeu

List all storage buckets and their configuration to identify the storage attack surface.

132 days ago

supabase-audit-tables-list

31
yoanbernabeuyoanbernabeu

List all tables exposed via the Supabase PostgREST API to identify the attack surface.

132 days ago

security-review

30
mcouthonmcouthon

Security-focused code review with attack surface mapping and risk classification. Use when reviewing PRs for security, auditing code changes, or analyzing potential vulnerabilities. Triggers on: 'security review', 'use security mode', 'audit this', 'check for vulnerabilities', 'is this secure', 'attack surface', 'threat model', 'security check'. Read-only mode - identifies issues but doesn't fix them.

133 days ago

threat-modeling

29
hardw00thardw00t

Threat modeling skill for identifying security threats, attack surfaces, and designing mitigations. This skill should be used when performing threat assessments using STRIDE, PASTA, or Attack Trees, creating data flow diagrams, identifying trust boundaries, analyzing attack surfaces, or designing security controls for applications and systems. Triggers on requests to threat model, analyze attack surface, create DFD, apply STRIDE methodology, or assess security architecture.

133 days ago

vulnerability-scanner

28
hainamchunghainamchung

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

133 days ago

cybersecurity-analyst

28
rysweetrysweet

Analyzes events through a cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth, zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK). Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture. Use when: security incidents, vulnerability assessments, threat analysis, security architecture, compliance. Evaluates: confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.

132 days ago

threat-modelling

22
willvelidawillvelida

Analyse repositories and deployed cloud infrastructure to produce STRIDE-based threat model documents with Mermaid architecture diagrams, prioritised threats, and recommendations. Use when a user asks to create a threat model, identify threats, assess attack surfaces, review an existing threat model, or update a threat model after system changes.

132 days ago

External Network Penetration Testing

14
zebbernzebbern

This skill should be used when the user asks to "perform external pentesting", "conduct external network assessment", "enumerate external attack surface", "perform OSINT reconnaissance", or "test perimeter security". It provides comprehensive external network penetration testing methodologies.

external-pentestosintreconnaissance+3
132 days ago

Threat Modeling

14
rjmurillorjmurillo

Structured security analysis using the OWASP Four-Question Framework and STRIDE methodology. Generates threat matrices with risk ratings, mitigations, and prioritization. Use for attack surface analysis, security architecture review, or when asking what can go wrong.

132 days ago

security-expert

8
mae616mae616

Assuming OWASP fundamentals, design, implement, and review without dropping secure-by-default controls (input validation/authorization/secrets/audit logs/SSR/CSRF, etc.). Identify threats and attack surfaces and use least privilege and safe-failure principles to protect.

132 days ago

repo-sentinel

6
Mathews-TomMathews-Tom

Full security audit and enforcement for public repositories across 12 attack surfaces: git history, source code, docs, config, .gitignore recon, CI/CD, containers, dependencies, binaries, metadata, platform-specific (GitHub/GitLab), license compliance, and community surface. Provides fast-path and full 20-check audits, pre-commit hooks, CI gates, .gitignore generation, and history scrubbing. Use whenever pushing to a public remote, open-sourcing a repo, writing README/docs, configuring CI/CD or Dockerfiles, adding dependencies, or checking license compliance. Trigger on: push to GitHub, make repo public, open source this, set up the repo, write README, add CI/CD, create Dockerfile, set up pre-commit, add license, write SECURITY.md, secret leaks, credential rotation, .claude/ tracking, repo hygiene, security scanning, or is this safe to push, pre-oss, open source readiness, release audit, or open source audit. This is the gatekeeper between internal and public.

132 days ago

vulnerability-scanner

5
agent-skills-hubagent-skills-hub

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

132 days ago

performing-reconnaissance

5
trilwutrilwu

Perform OSINT, subdomain enumeration, port scanning, web reconnaissance, email harvesting, and cloud asset discovery for initial access. Use when gathering intelligence or mapping attack surface.

132 days ago

vulnerability-scanner

4
ngxtmngxtm

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

132 days ago

pt-embedded-device-assessment

3
santosomarsantosomar

Performs authorized security assessment of embedded and IoT devices across hardware, firmware, interfaces, and update mechanisms. Use when testing device boot flows, debug interfaces, firmware integrity, and local/network attack surfaces.

132 days ago

hardening-linux-endpoint-with-cis-benchmark

2
mukul975mukul975

Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu, RHEL, and CentOS to reduce attack surface, enforce security baselines, and meet compliance requirements. Use when deploying new Linux servers, remediating audit findings, or establishing security baselines for Linux infrastructure. Activates for requests involving Linux hardening, CIS benchmarks for Linux, server security baselines, or Linux configuration compliance.

endpointhardeninglinux-security+3
132 days ago

conducting-external-reconnaissance-with-osint

2
mukul975mukul975

Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.

OSINTreconnaissanceattack-surface+2
132 days ago

hardening-windows-endpoint-with-cis-benchmark

2
mukul975mukul975

Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark recommendations to reduce attack surface, enforce security baselines, and meet compliance requirements. Use when deploying new Windows workstations or servers, remediating audit findings, or establishing organization-wide security baselines. Activates for requests involving Windows hardening, CIS benchmarks, GPO security baselines, or endpoint configuration compliance.

endpointhardeningwindows-security+3
132 days ago

testing-android-intents-for-vulnerabilities

2
mukul975mukul975

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

mobile-securityandroidintents+3
132 days ago

conducting-mobile-app-penetration-test

2
mukul975mukul975

Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

mobile-pentestOWASP-MASTGAndroid-security+2
132 days ago

implementing-application-whitelisting-with-applocker

2
mukul975mukul975

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.

endpointAppLockerapplication-whitelisting+2
132 days ago

shift-camouflage

2
pjt222pjt222

Implement cuttlefish-inspired adaptive interfaces — polymorphic APIs, context-aware behavior, feature flags, and attack surface reduction. Covers environmental assessment, chromatophore mapping, dynamic interface generation, behavioral polymorphism, and pattern disruption for systems that must present different faces to different observers. Use when a system must present different interfaces to different consumers, when reducing attack surface by exposing only what each observer needs, when implementing feature flags or progressive rollouts at the interface level, or when adapting behavior to environmental context without core changes.

132 days ago

exploiting-deeplink-vulnerabilities

2
mukul975mukul975

Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications to identify unauthorized access, data injection, intent hijacking, and redirect manipulation. Use when assessing mobile app attack surface through custom URI schemes, Android App Links, iOS Universal Links, or intent-based navigation. Activates for requests involving deep link security testing, URL scheme exploitation, mobile intent abuse, or link hijacking.

mobile-securityandroidios+3
132 days ago

configuring-network-segmentation-with-vlans

2
mukul975mukul975

Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce access control between segments, and reduce the attack surface by limiting lateral movement paths in enterprise network environments.

network-securityvlannetwork-segmentation+2
132 days ago

performing-api-inventory-and-discovery

2
mukul975mukul975

Performs API inventory and discovery to identify all API endpoints in an organization's environment including documented, undocumented, shadow, zombie, and deprecated APIs. The tester uses passive traffic analysis, active scanning, DNS enumeration, JavaScript analysis, and cloud resource inventory to build a comprehensive API catalog. Maps to OWASP API9:2023 Improper Inventory Management. Activates for requests involving API discovery, shadow API detection, API inventory audit, or attack surface mapping.

api-securityowaspapi-discovery+3
132 days ago

performing-ot-network-security-assessment

2
mukul975mukul975

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

ot-securityicsscada+3
132 days ago

performing-subdomain-enumeration-with-subfinder

2
mukul975mukul975

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.

subdomain-enumerationreconnaissancebug-bounty+4
132 days ago

performing-dns-enumeration-and-zone-transfer

2
mukul975mukul975

Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during authorized reconnaissance to identify attack surface, misconfigurations, and information disclosure in target domains.

network-securitydnsenumeration+2
132 days ago

performing-container-image-hardening

2
mukul975mukul975

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

devsecopscicdcontainer-hardening+3
132 days ago

performing-graphql-introspection-attack

2
mukul975mukul975

Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.

api-securitygraphqlintrospection+2
132 days ago

shift-camouflage

2
pjt222pjt222

Implement cuttlefish-inspired adaptive interfaces — polymorphic APIs, context-aware behavior, feature flags, and attack surface reduction. Covers environmental assessment, chromatophore mapping, dynamic interface generation, behavioral polymorphism, and pattern disruption for systems that must present different faces to different observers. Use when a system must present different interfaces to different consumers, when reducing attack surface by exposing only what each observer needs, when implementing feature flags or progressive rollouts at the interface level, or when adapting behavior to environmental context without core changes.

132 days ago

configuring-windows-defender-advanced-settings

2
mukul975mukul975

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

endpointwindows-securityMicrosoft-Defender+3
132 days ago

None

2
mukul975mukul975

Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas

containersdockersecurity+2
132 days ago

implementing-container-image-minimal-base-with-distroless

2
mukul975mukul975

Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.

distrolesscontainer-imagesminimal-base+5
132 days ago

vulnerability-scanner

1
rootcastlecorootcastleco

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

132 days ago

physical-sca-skill

1
dtsongdtsong

Use this skill when analyzing physical side-channel and fault injection attack surfaces — power analysis, electromagnetic emanation, voltage/clock/laser glitching, or combined attacks. Triggers on "DPA assessment", "fault injection resistance", "power side-channel review", "EM leakage analysis", "TVLA evaluation". Includes JIL scoring and ISO 17825 mapping. Do NOT use for microarchitectural side-channels (use microarch-attack-skill) or software-level isolation (use kernel-security-skill).

132 days ago

microarch-attack-skill

1
dtsongdtsong

Use this skill when analyzing microarchitectural attack surfaces — transient execution, cache side-channels, branch predictor attacks, or shared-resource contention. Triggers on "Spectre analysis", "cache side-channel review", "check for Meltdown variants", "microarchitectural isolation audit". Covers CPU/GPU/accelerator components. Do NOT use for physical side-channels (use physical-sca-skill) or kernel-level privilege escalation (use kernel-security-skill).

132 days ago

network-hardening-port-security

smkssmart1smkssmart1

Enterprise-grade skill for hardening network exposure and securing ports on OpenClaw AI agent deployments. Use whenever configuring network security for AI agents, changing default ports, reducing attack surface, hardening service exposure, protecting against port scanning, or designing network architecture for autonomous AI systems. Also trigger for firewall tuning, service binding, TLS configuration, reverse proxy setup, or any network-layer security for bot/agent infrastructure.

132 days ago

vulnerability-scanner

haniakrim21haniakrim21

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

132 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network