By sickn33
Conduct comprehensive security assessments across web applications, APIs, cloud infrastructure, and Linux systems. Covers the full penetration testing lifecycle, SAST/DAST integration, OWASP Top 10 testing, threat modeling, and privilege escalation enumeration.
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows.
Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Master the complete penetration testing lifecycle from reconnaissance through reporting. This skill covers the five stages of ethical hacking methodology, essential tools, attack techniques, and professional reporting for authorized security assessments.
Execute systematic privilege escalation assessments on Linux systems to identify and exploit misconfigurations, vulnerable services, and security weaknesses that allow elevation from low-privilege user access to root-level control.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Local, deterministic skill-stack composition for coding agents—from an explicit project profile to a reviewable plan before any target change.
Current release: V15.0.0. This release includes AAS Core under the Agent-First Preview claim for local search, inspection, recommendation, manifest validation, planning, and diagnosis. Apply and recovery remain experimental and outside the supported preview path.
Codex or Claude inspects your project using its own capabilities; AAS does not scan it. The agent sends the local, read-only AAS MCP an explicit project profile. AAS Core evaluates that profile and your policy against a verified local catalog, returns an explainable recommendation, and lets the agent propose aas-stack.json. The aas CLI validates that desired state and creates an immutable per-target plan before any skill changes are made.
Read the AAS Core preview guide →
Project
-> inspected by Codex or Claude (not by AAS)
-> explicit, allowlisted project profile
-> AAS MCP (local stdio, read-only)
-> deterministic AAS Core + verified local catalog
-> recommendation with evidence, exclusions, coverage, and unknowns
-> agent proposes aas-stack.json
-> AAS CLI validate + immutable plan preview
-> human review (optionally in Workbench)
The 1,967+ reusable SKILL.md playbooks, specialized plugins, bundles, workflows, and direct installers remain important. They are the content, curation, distribution, and compatibility layers around AAS Core—not competing primary products.
This is an independent community project. It is not affiliated with, sponsored by, endorsed by, or authorized by Google. Google, Antigravity, Gemini, and related product names are referenced only to describe compatibility and install targets. The GitHub repository is canonical; the hosted catalog and browser-local Workbench are companion discovery and review surfaces, not a hosted control plane.
The agent composes. You control. AAS keeps the stack reproducible.
AAS Core gives the repository one product model:
search_skills, get_skill, recommend_stack, inspect_stack, and diff_stack; it does not install skills, scan source files, call a remote model, or write to the project.aas-stack.json. The manifest pins catalog identity, targets, goals, policy, and exact skill IDs without storing repository source or model reasoning.aas stack validate checks the proposal, while aas stack plan produces an immutable, per-target plan without applying it.Editorial "AAS Agent & MCP Builder" bundle for Claude Code from Agentic Awesome Skills.
Editorial "AAS API Platform Builder" bundle for Claude Code from Agentic Awesome Skills.
Editorial "Security Developer" bundle for Claude Code from Agentic Awesome Skills.
Editorial "DDD & Evented Architecture" bundle for Claude Code from Agentic Awesome Skills.
Editorial "Mobile Developer" bundle for Claude Code from Agentic Awesome Skills.
npx claudepluginhub sickn33/agentic-awesome-skills --plugin agentic-bundle-aas-security-engineerEditorial "Security Engineer" bundle for Claude Code from Agentic Awesome Skills.
Cybersecurity skills for AI agents — code audit, cloud, recon, IR, AI security, and more
Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security
Compliance and security skills for HIPAA, GDPR, SOC2, PCI-DSS audits, infrastructure hardening, incident planning, and secrets management.
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
OWASP Top 10 2025 기반 보안 리뷰 및 취약점 분석 스킬