From kagents
OWASP Top 10 for .NET and PowerShell — injection (SQL, XSS, Invoke-Expression), broken access control ([Authorize], CORS), cryptographic failures (bcrypt, no MD5/SHA1), vulnerable dependencies (dotnet audit), SecureString, TLS 1.2+. USE FOR: reviewing code for security vulnerabilities, auditing dependencies, checking OWASP compliance. DO NOT USE FOR: general code quality review (use code-reviewer agent) or dependency updates (use security-auditor agent).
`npx claudepluginhub grexyloco/k.agents --plugin kagents`

This skill uses the workspace's default tool permissions.
- [ ] `[Authorize]` on all non-public endpoints
- [ ] `AllowAny`)
- [ ] `UseHttpsRedirection`)
- [ ] `FromSqlRaw` with parameters)
- [ ] `MarkupString` with user input
- [ ] `Process.Start` with user input
- [ ] `Invoke-Expression` with user input
- [ ] `ASPNETCORE_ENVIRONMENT` not `Development` in prod

```
dotnet list package --vulnerable --include-transitive
dotnet audit
```

- [ ] `SecureString` for passwords
- [ ] `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`
- [ ] `Invoke-RestMethod`