Labsco

Agent Skills

Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.

Security

86 standalone skills
bitwarden logo

auditing-hackerone-vulns

121

by bitwarden

Audit all open HackerOne-sourced VULN Jira tickets and their linked engineering child items to identify what needs action. Use this skill whenever the user wants to: check VULN ticket status, see which HackerOne findings need status updates, identify vulnerabilities ready to verify or close, run a remediation audit, check "what do I need to do on my VULN tickets today", or get a prioritized view of open vulnerabilities. Outputs a sorted action table with emoji tokens. Always use this skill for H

bitwarden logo

detecting-secrets

121

by bitwarden

This skill should be used when the user asks to "find hardcoded secrets", "audit for credential leaks", "check for API keys in code", "review secret scanning alerts", "rotate a leaked secret", or needs to detect hardcoded credentials, review secret handling patterns, or remediate exposed secrets.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

reviewing-claude-config

121

by bitwarden

Reviews Claude configuration files for security, structure, and prompt engineering quality. Use when reviewing changes to CLAUDE.md files (project-level or .claude/), skills (SKILL.md), agents, prompts, commands, or settings. Validates YAML frontmatter, progressive disclosure patterns, token efficiency, and security best practices. Detects critical issues like committed settings.local.json, hardcoded secrets, malformed YAML, broken file references, oversized skill files, and insecure agent tool

🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

analyzing-code-security

121

by bitwarden

This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find injection vulnerabilities", "do a security code review", or needs manual security analysis against OWASP Top 10, API Top 10, Mobile Top 10, or CWE/SANS frameworks.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

architecting-solutions

121

by bitwarden

Framework for architecting solutions inside a team's domain while staying coherent with Bitwarden's holistic architecture. Covers security mindset, blast radius assessment, architectural judgment, Bitwarden-specific constraints, working with the architecture group, and working with initiative shepherds. Use when planning a solution, reviewing architecture within a team's scope, assessing blast radius, evaluating trade-offs, or deciding whether a choice needs architecture-group input.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

threat-modeling

121

by bitwarden

This skill should be used when the user asks to "create a threat model", "define security goals", "generate a data flow diagram", "write security definitions", "perform an initial security assessment", or needs to produce threat model artifacts for new features or architecture changes.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

perform-security-review

121

by bitwarden

Performs a security-focused code review by launching multiple specialized agents and a verification agent to ensure comprehensive coverage and accurate findings. Use this skill when the user asks for a "perform-security-review", "bitwarden-security-review", "execute a security review", "run a comprehensive security audit", "perform an end-to-end security assessment", or needs to coordinate multiple security checks across code, dependencies, secrets, and configurations. The skill manages the work

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

reviewing-dependencies

121

by bitwarden

This skill should be used when the user asks to "review Dependabot alerts", "check for vulnerable dependencies", "audit third-party packages", "assess supply chain risk", "run Grype scan", or needs to evaluate dependency health, transitive risk, or supply chain security.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

reviewing-dependency-changes

121

by bitwarden

Use this skill when a PR diff contains changes to dependency manifest files (package.json, .csproj, Cargo.toml, go.mod, requirements.txt, etc.) or when reviewing Renovate/Dependabot bot PRs. Evaluates new dependencies for AppSec approval process compliance, major version bump significance, lock file hygiene, and dependency removal completeness. Does NOT perform deep security or license analysis — that is handled by the bitwarden-security-engineer plugin's reviewing-dependencies skill.

🔥🔥🔥✓ VerifiedFreeQuick setup
bitwarden logo

triaging-security-findings

121

by bitwarden

This skill should be used when the user asks to "triage security findings", "fix a Checkmarx finding", "review SonarCloud results", "dismiss a false positive", "check code scanning alerts", or needs to work with GitHub Advanced Security alerts, scanner annotations on PRs, or Grype vulnerability results.

🔥🔥🔥✓ VerifiedFreeQuick setup
warpdotdev logo

validate-changes-match-specs

119

by warpdotdev

Validate that a branch or pull request implementation matches introduced product, technical, security, and related specs. Use when reviewing or finishing a spec-driven change and resolving mismatches between checked-in specs and implementation.

webflow logo

webflow-cli:troubleshooter

100

by webflow

Diagnose and fix Webflow CLI issues including installation problems, authentication failures, build errors, and bundle problems. Uses CLI diagnostic flags (--version, --help, --verbose, --debug-bundler) for troubleshooting.

🔥🔥FreeQuick setup
Factory-AI logo

threat-model-generation

90

by factory-ai

Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
Factory-AI logo

review

90

by factory-ai

Review code changes and identify high-confidence, actionable bugs. Use when the user wants to: - Review a pull request or branch diff - Find bugs, security issues, or correctness problems in code changes - Get a structured summary of review findings

🔥🔥🔥✓ VerifiedFreeQuick setup
Factory-AI logo

vulnerability-validation

90

by factory-ai

Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use after running commit-security-scan to confirm vulnerabilities.

🔥🔥🔥✓ VerifiedFreeQuick setup
Factory-AI logo

commit-security-scan

90

by factory-ai

Analyze code changes for security vulnerabilities using LLM reasoning and threat model patterns. Use for PR reviews, pre-commit checks, or branch comparisons.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
Factory-AI logo

security-review

90

by factory-ai

Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream patch generation. Supports PR review, scheduled scans, and full repository audits.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
pulumi logo

pulumi-best-practices

61

by pulumi

Load when the user is writing, reviewing, or debugging Pulumi TypeScript/Python programs; asks about Output<T> or apply() usage; wants to create ComponentResource classes; needs to refactor resources without destroying them (aliases); is setting up secrets or config; or is configuring a pulumi preview/up CI workflow. Also load for questions about resource dependency order, parent/child resource relationships, or pulumi.interpolate.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
clerk logo

clerk

54

by clerk

Clerk authentication router. Use when user asks about Clerk CLI operations,

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
clerk logo

clerk-setup

54

by clerk

Add Clerk authentication to any project by following the official quickstart

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
encoredev logo

encore-go-secret

25

by encoredev

Manage API keys, credentials, and other secrets in Encore Go using a package-level `secrets` struct.

encoredev logo

encore-go-auth

25

by encoredev

Protect Encore Go endpoints with authentication and authorize callers. Covers `auth.AuthHandler`, `auth.UserID`, the `Authorization` header, and `//encore:api auth`.

🔥🔥🔥✓ VerifiedFreeQuick setup
encoredev logo

encore-secret

25

by encoredev

Manage API keys, credentials, and other secrets in Encore.ts using `secret(...)` from `encore.dev/config`.

encoredev logo

encore-auth

25

by encoredev

Protect Encore.ts endpoints with authentication and authorize callers. Covers `authHandler`, `Gateway`, `getAuthData`, and `auth: true`.

🔥🔥🔥✓ VerifiedFreeQuick setup
agentspace-so logo

find-skills

12

by agentspace-so

Discover, vet, and install agent skills by searching ACROSS every major registry at once — skills.sh, clawhub.ai, and GitHub — presenting each board on its own native metric (installs / stars) with the top entry per board, security-scanning the top candidates' real SKILL.md for risky patterns, and flagging what's already installed. Use when the user asks "how do I do X", "find a skill for X", "is there a skill that…", "what skill should I install for…", or wants to extend the agent with a capabi

🔥🔥🔥🔥✓ VerifiedFreeQuick setup
semgrep logo

setup-semgrep-plugin

by semgrep

Set up the Semgrep plugin by installing Semgrep, authenticating, and verifying compatibility

🔥🔥✓ VerifiedFreeQuick setup
← PrevPage 3 of 3