deployment-pipeline-design
558Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use this skill when designing zero-do
stride-analysis-patterns
544Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or cre
attack-tree-construction
542Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating se
threat-mitigation-mapping
541Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation pl
solidity-security
540Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing sma
skill-vetter
537Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, pe
Kubernetes Security Policies
537Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing
sast-configuration
521Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up se
Kubernetes Manifest Generator
520Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standa
code-review
509Review code changes for security, performance, and correctness. Trigger with a PR URL or diff, "review this before I merge", "is this code s
linkerd-patterns
507Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring
Semgrep Security Scan
447Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes - "run all" (full ruleset coverage) and "im
Query Token Audit Skill
392Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis inclu
kubernetes-specialist
361Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service
sql-code-review
352Universal SQL code review assistant that performs comprehensive security, maintainability, and code quality analysis across all SQL database
code-review-expert
293Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable imp
spring-boot-engineer
206Generates Spring Boot 3.x configurations, creates REST controllers, implements Spring Security 6 authentication flows, sets up Spring Data J
api-security-best-practices
149Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common
Java Spring Boot Skill
134Build production Spring Boot applications - REST APIs, Security, Data, Actuator
AI Prompt Engineering Safety Review & Improvement
92Comprehensive AI prompt engineering safety review and improvement prompt. Analyzes prompts for safety, bias, security vulnerabilities, and e
Windsurf: System Architecture Expert
Architecture-focused IDE rules for scalable, secure applications.
Cursor: Backend API & Database Expert
Backend/API expert with security and database optimization focus.
Cursor: Python Cybersecurity Tool Development Assistant
IDE rule for Python Cybersecurity Tool Development Assistant