security-guardian

Get step-by-step guidance to fix a specific security vulnerability

Run comprehensive security scan on codebase for OWASP vulnerabilities

Comprehensive API security for REST and GraphQL APIs. Use this skill when building or reviewing API endpoints, implementing authentication, or securing data transfer. Activate when: API security, REST security, GraphQL security, API authentication, API rate limiting, API versioning, secure endpoint, API design.

OWASP A09 - Using Components with Known Vulnerabilities. Use this skill when auditing dependencies, updating packages, or reviewing security advisories. Activate when: npm audit, dependency check, vulnerable package, CVE, security advisory, outdated packages, supply chain, package vulnerability, Dependabot, Snyk.

JSON Web Token security best practices. Use this skill when implementing JWT authentication, validating tokens, or reviewing JWT usage. Activate when: JWT, JSON Web Token, token authentication, bearer token, refresh token, token validation, JWT secret, token expiry.

Find and prevent leaked secrets, API keys, and credentials in code. Use this skill when reviewing code for exposed secrets, setting up pre-commit hooks, or auditing repositories. Activate when: leaked secret, API key exposed, credentials in code, hardcoded password, secret scanning, git secrets, pre-commit hook.

Systematic security code review methodology. Use this skill when reviewing pull requests for security issues, auditing critical code paths, or performing security assessments. Activate when: security review, code audit, secure code, review PR for security, find vulnerabilities, security assessment.

OWASP A05 - Broken Access Control Detection. Use this skill when implementing authorization, checking permissions, or auditing who can access what resources. Activate when: authorization, permissions, access control, RBAC, ABAC, admin access, privilege escalation, IDOR, direct object reference, role check, can user access.

OWASP A02 - Broken Authentication Detection. Use this skill when reviewing login systems, session management, password handling, or authentication flows. Activate when: login, authentication, password, session, token, JWT, OAuth, credentials, sign in, logout, remember me, forgot password, password reset, MFA, 2FA.

OWASP A01 - Injection Prevention. Use this skill when reviewing code for SQL injection, NoSQL injection, command injection, LDAP injection, or any user input that reaches databases, shells, or interpreters. Activate when: SQL query, database query, user input, command execution, shell command, exec, eval, system call, parameterized query.

OWASP A06 - Security Misconfiguration Detection. Use this skill when configuring servers, frameworks, cloud services, or deploying applications. Activate when: server config, nginx config, apache config, CORS, headers, debug mode, default credentials, error messages, directory listing, cloud security, S3 bucket, environment variables.

OWASP A07 - Cross-Site Scripting (XSS) Prevention. Use this skill when rendering user input in HTML, handling DOM manipulation, or building frontend components. Activate when: XSS, cross-site scripting, user input display, innerHTML, dangerouslySetInnerHTML, template injection, script injection, sanitize HTML, escape output.

Snyk for dependency vulnerability scanning

GitHub Security features - Dependabot, code scanning

Semgrep for static analysis and security rules

Trivy for container and IaC security scanning

HashiCorp Vault for secrets management