security assessment AI Agent Skills
Browse 145 skills related to security assessment
AWS Penetration Testing
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
Cloud Penetration Testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
Metasploit Framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
WordPress Penetration Testing
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
senior-security
Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
Cloud Penetration Testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
AWS Penetration Testing
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
Metasploit Framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
WordPress Penetration Testing
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
tech-stack-evaluator
Technology stack evaluation and comparison with TCO analysis, security assessment, and ecosystem health scoring. Use when comparing frameworks, evaluating technology stacks, calculating total cost of ownership, assessing migration paths, or analyzing ecosystem viability.
finding-security-misconfigurations
This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses.
scanning-database-security
This skill enables Claude to perform comprehensive database security scans using the database-security-scanner plugin. It is triggered when the user requests a security assessment of a database, including identifying vulnerabilities like weak passwords, SQL injection risks, and insecure configurations. The skill leverages OWASP guidelines to ensure thorough coverage and provides remediation suggestions. Use this skill when the user asks to 'scan database security', 'check database for vulnerabilities', 'perform OWASP compliance check on database', or 'assess database security posture'. The plugin supports PostgreSQL and MySQL.
openrouter-compliance-review
Execute conduct security and compliance review of OpenRouter integration. Use when preparing for audits or security assessments. Trigger with phrases like 'openrouter security review', 'openrouter compliance', 'openrouter audit', 'security assessment'.
Auditing Security
Identify and remediate vulnerabilities through systematic code analysis. Use when performing security assessments, pre-deployment reviews, compliance validation (OWASP, PCI-DSS, GDPR), investigating known vulnerabilities, or post-incident analysis.
vendor-security-questionnaire
Automated vendor security assessment through questionnaire generation, response parsing, and risk scoring
tech-stack-scanner
Automated technical architecture review, security assessment, scalability analysis
cloud-security-testing
Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.
aws-cost-operations
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
aws-cost-operations
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
WebAssessment
Web security assessment. USE WHEN web assessment, pentest, security testing, vulnerability scan. SkillSearch('webassessment') for docs.
PromptInjection
Prompt injection testing. USE WHEN prompt injection, jailbreak, LLM security, AI security assessment, pentest AI application, test chatbot vulnerabilities.
recon-nmap
Network reconnaissance and security auditing using Nmap for port scanning, service enumeration, and vulnerability detection. Use when: (1) Conducting authorized network reconnaissance and asset discovery, (2) Enumerating network services and identifying running versions, (3) Detecting security vulnerabilities through NSE scripts, (4) Mapping network topology and firewall rules, (5) Performing compliance scanning for security assessments, (6) Validating network segmentation and access controls.
crack-hashcat
Advanced password recovery and hash cracking tool supporting multiple algorithms and attack modes. Use when: (1) Performing authorized password auditing and security assessments, (2) Recovering passwords from captured hashes in forensic investigations, (3) Testing password policy strength and complexity, (4) Validating encryption implementations, (5) Conducting security research on cryptographic hash functions, (6) Demonstrating password weakness in penetration testing reports.
pentest-metasploit
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.
webapp-nikto
Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions. Use when: (1) Conducting authorized web server security assessments, (2) Identifying common web vulnerabilities and misconfigurations, (3) Detecting outdated server software and known vulnerabilities, (4) Performing compliance scans for web server hardening, (5) Enumerating web server information and enabled features, (6) Validating security controls and patch levels.
authenticating
Authentication testing skill — automates account signup, login, 2FA bypass, CAPTCHA solving, and bot-detection evasion using Playwright MCP. Evaluates authentication security controls and includes behavioral biometrics simulation, OTP handling, and automated account creation for security assessments.
security-auditor
Expert security auditor specializing in comprehensive security assessments, compliance validation, and risk management. Masters security frameworks, audit methodologies, and compliance standards with focus on identifying vulnerabilities and ensuring regulatory adherence.
penetration-tester
Expert penetration tester specializing in ethical hacking, vulnerability assessment, and security testing. Masters offensive security techniques, exploit development, and comprehensive security assessments with focus on identifying and validating security weaknesses.
ios-pentest
Comprehensive iOS mobile application penetration testing skill with Frida/Objection integration for jailbroken and non-jailbroken devices. This skill should be used when performing security assessments on iOS applications including static analysis, dynamic analysis, runtime manipulation, traffic interception, keychain analysis, and vulnerability identification. Triggers on requests to pentest iOS apps, test iPhone/iPad security, analyze IPAs, bypass security controls, or perform OWASP MASTG iOS assessments.
container-security
Container and Kubernetes security assessment skill for Docker, Kubernetes, and container orchestration platforms. This skill should be used when scanning container images for vulnerabilities, auditing Kubernetes cluster security, testing container escape scenarios, reviewing Docker configurations, or performing container runtime security analysis. Triggers on requests to scan Docker images, audit Kubernetes security, test container configurations, or assess container orchestration security.
llm-security-audit
Comprehensive security auditing framework for LLM applications covering OWASP Top 10 for LLMs, threat modeling, penetration testing, and compliance with NIST AI RMF and ISO 42001Use when "security audit, llm pentest, ai security assessment, compliance audit, vulnerability assessment, security, audit, compliance, penetration-testing, owasp, llm" mentioned.
android-pentest
Comprehensive Android mobile application penetration testing skill with full ADB shell access to rooted devices. This skill should be used when performing security assessments on Android applications including static analysis, dynamic analysis, runtime manipulation, traffic interception, and vulnerability identification. Triggers on requests to pentest Android apps, test mobile security, analyze APKs, bypass security controls, or perform OWASP Mobile Top 10 assessments. (user)
cloud-security
Multi-cloud security assessment skill for AWS, Azure, and GCP. This skill should be used when performing cloud security audits, scanning for misconfigurations, testing IAM policies, auditing storage permissions, and identifying privilege escalation paths. Triggers on requests to audit cloud security, scan AWS/Azure/GCP, check cloud misconfigurations, or perform cloud penetration testing.
senior-security
Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
computer-scientist-analyst
Analyzes events through computer science lens using computational complexity, algorithms, data structures, systems architecture, information theory, and software engineering principles to evaluate feasibility, scalability, security. Provides insights on algorithmic efficiency, system design, computational limits, data management, and technical trade-offs. Use when: Technology evaluation, system architecture, algorithm design, scalability analysis, security assessment. Evaluates: Computational complexity, algorithmic efficiency, system architecture, scalability, data integrity, security.
aws-cost-operations
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
appsec-expert
Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation. Expert in security testing, cryptography, authentication patterns, and DevSecOps automation. Use when securing applications, implementing security controls, or conducting security assessments.
AWS Penetration Testing
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
solana-security
Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack vectors, performing security assessments, or when explicitly asked to audit, review security, check for bugs, or find vulnerabilities in Solana programs.
Network Ports Reference
The assistant provides comprehensive network port and protocol reference information for security assessments and penetration testing. Activate when users ask about "port numbers," "common ports," "service ports," "TCP/UDP ports," "what runs on port X," or "protocol identification."
analyze
Analyze codebase architecture, security posture, or code quality through guided multi-step investigation. Use when performing architecture reviews, security assessments, quality evaluations, or deep technical investigations. Produces prioritized findings with evidence.
Pentest Checklist
The assistant provides a structured penetration testing checklist covering scope definition, environment preparation, monitoring, and remediation. Activate when users ask about "pentest planning," "security assessment checklist," "penetration test preparation," "pentest scope," or "security testing best practices."
JWT Security Testing
This skill should be used when the user asks to "test JWT security", "hack JWT tokens", "bypass JWT authentication", "crack JWT secrets", or "exploit JWT vulnerabilities". It provides comprehensive JSON Web Token attack techniques and security assessment methodologies.
Metasploit Framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.