Claude Skills

This skill enables Claude to perform automated accessibility audits on web applications, checking for WCAG compliance, ARIA validity, and keyboard/screen reader compatibility. Use it when a user requests an accessibility scan or mentions terms like "WCAG" or "a11y" to get actionable insights for fixing issues.

This skill automates creating structured GitHub issues from web research results. It extracts key information from searches and formats it into actionable tickets for tracking and collaboration. Use it when you need to research a topic and immediately generate a corresponding development task.

This skill enables Claude to automatically scan code for reflected, stored, and DOM-based XSS vulnerabilities. It analyzes HTML, JavaScript, CSS, and URL contexts to detect exploits and suggests safe proof-of-concept payloads. Use it during code reviews, security audits, and before deploying web applications.

This skill enables automated security scanning of codebases using the vulnerability-scanner plugin. It triggers on commands like "scan for vulnerabilities" or "/scan" to perform static analysis, dependency checks, and CVE detection. Use it to get a detailed report on code flaws, vulnerable dependencies, and insecure configurations.

This skill enables Claude to manage SSL/TLS certificates via the ssl-certificate-manager plugin. Use it when users request actions like checking expiry dates, renewing, or listing certificates. Key capabilities include listing, monitoring, and renewing certificates to maintain secure connections.

This skill enables Claude to detect SQL injection vulnerabilities in code by using a dedicated plugin to analyze codebases. It identifies potential SQL injection flaws and provides remediation guidance. Use it when a developer asks to scan for SQLi or check code for injection risks.

This skill automates SOC2 audit preparation by using the soc2-audit-helper plugin to gather evidence, generate reports, and identify compliance gaps. It's designed for developers needing help with initial audit tasks like security control checks and evidence collection. Use it when prompted about SOC2 compliance, audit preparation, or related security controls.

This skill analyzes codebases to identify session security vulnerabilities like insecure session IDs, improper expiration, or fixation attacks. Use it when auditing session handling or reviewing implementation against security best practices. It leverages the session-security-checker plugin to automatically scan for issues during code review.

This skill enables Claude to analyze infrastructure-as-code, application configs, and system settings to identify security vulnerabilities and compliance issues. Use it when you need to audit configurations, check for security weaknesses, or assess specific files for misconfigurations. It leverages a dedicated plugin to pinpoint common problems and assist with remediation.

This skill guides developers through the security incident response lifecycle, from initial classification to post-incident analysis. It helps with creating response playbooks, collecting evidence, and generating remediation steps. Use it when responding to incidents like data breaches, ransomware, or DDoS attacks.

This skill automatically analyzes a website's HTTP security headers to identify vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and actionable recommendations for improvement. Developers should use it when performing security audits or when users request checks for security headers or website vulnerabilities.

This skill generates comprehensive security audit reports from security data to assess vulnerabilities, compliance, and create remediation roadmaps. It is triggered by commands like `/audit-report` when users need a vulnerability assessment or security posture analysis. The skill produces detailed reports in various formats to help developers identify and track security issues.

This skill scans your codebase for exposed secrets like API keys and passwords using pattern matching and entropy analysis. It helps developers proactively identify and remediate security vulnerabilities before code is committed or deployed. Use it by triggering phrases like "scan for secrets" or "check for exposed credentials".

This skill automates web application penetration testing using the penetration-tester plugin to identify OWASP Top 10 vulnerabilities and suggest exploits. It triggers when users request a pentest, vulnerability assessment, or ask to exploit a web app, providing comprehensive security reports. Developers should use it for automated vulnerability scanning and security flaw identification.

This skill scans codebases and infrastructure configurations using the pci-dss-validator plugin to identify security vulnerabilities and deviations from PCI DSS standards. Use it when you need to validate PCI compliance, check PCI DSS controls, or assess the security of systems handling payment card data. It automates compliance checks to help ensure necessary security controls are met.

This skill automatically scans your codebase for OWASP Top 10 (2021) security vulnerabilities and generates a compliance report with remediation guidance. Use it to audit your application, identify critical security gaps, and adhere to industry standards. Trigger it by asking Claude to "check OWASP compliance" or using the `/owasp` shortcut.

This skill automatically scans source code to identify missing or weak input validation, helping prevent vulnerabilities like SQL injection and XSS. It's designed for use during code reviews and security audits to harden applications. The analysis is performed by leveraging a dedicated input-validation-scanner plugin.

This skill automatically scans codebases, infrastructure, and documentation for potential HIPAA violations using a dedicated compliance-checker plugin. It identifies issues related to data privacy, security, and access controls when handling protected health information (PHI). Use it when developers explicitly request compliance checks, scans, or readiness assessments for projects requiring HIPAA adherence.

This skill scans applications and data systems to identify GDPR compliance issues like data protection violations and consent management gaps. It's triggered by user requests to audit for GDPR or data privacy and leverages a dedicated plugin to perform the assessment. The scan generates a detailed report with actionable findings for developers.

This skill enables Claude to encrypt and decrypt data and files using various algorithms via the encryption-tool plugin. Use it when a user requests data encryption, decryption, or needs to secure sensitive information. It supports multiple encryption methods to ensure data confidentiality for general security tasks.

This skill scans project dependencies across npm, pip, composer, gem, and Go modules to detect security vulnerabilities, outdated packages, and license compliance issues. Use it via trigger phrases like "check dependencies" or "/depcheck" to identify risks in your codebase. It's ideal for developers needing automated dependency audits during project reviews or maintenance.

This skill scans code and configuration files for data privacy vulnerabilities like sensitive data exposure and compliance violations (e.g., GDPR, PII leaks). Use it for privacy audits or when checking projects that handle personal, financial, or health data. It automatically identifies risks using the data-privacy-scanner plugin with file access tools.

This skill analyzes web applications to identify CSRF vulnerabilities by validating protection mechanisms like synchronizer tokens and SameSite attributes. Use it to assess your application's security posture against CSRF attacks when prompted to test or check for CSRF protection. It examines endpoints and provides insights into weaknesses and remediation.

This skill validates CORS policies to identify security vulnerabilities and misconfigurations. It's triggered by requests to check, analyze, or validate CORS headers and configurations. Using a dedicated plugin, it helps developers ensure proper implementation to prevent unauthorized cross-origin requests.