Agent Skills
Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.
✦ Standalone skills2,933
Self-contained. Install one into any project and it works on its own — no other software needed.
🧰 Tool add-ons725
Come bundled with a specific tool and only work together with it — they teach your agent how to operate that tool.
ai-prompt-engineering-safety-review
✓★ 36,200by github
Comprehensive safety analysis and improvement framework for AI prompts with detailed assessment methodologies. Evaluates prompts across eight dimensions: safety, bias detection, security, effectiveness, best practices compliance, pattern analysis, technical robustness, and performance optimization Provides structured analysis reports with risk scoring, critical issue identification, and strength assessment across all evaluation criteria Delivers improved prompt versions with specific...
security-best-practices
✓★ 23,200by openai
Language and framework-specific security reviews with actionable vulnerability detection and fix guidance. Supports Python, JavaScript/TypeScript, and Go with framework-specific best practices loaded from a references directory Operates in three modes: secure-by-default code generation, passive vulnerability detection during development, and full security audit reports with severity prioritization Generates detailed markdown reports with line-number references, impact statements, and numeric...
security-ownership-map
✓★ 23,200by openai
Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for…
code-checklist
✓★ 2,700by github
Team code quality checklist - use for checking Python code quality, bugs, security issues, and best practices
native-data-fetching
✓★ 2,200by expo
Network requests, API calls, and data fetching for Expo apps with caching, error handling, and offline support. Covers fetch API, React Query, error handling patterns, token management with expo-secure-store, and retry logic with exponential backoff Includes offline-first strategies using NetInfo and React Query persistence, plus environment variable configuration with EXPO_PUBLIC_ prefix for client-side URLs Supports Expo Router data loaders ( useLoaderData ) for route-level data loading on...
owasp-agentic
✓★ 1,200by microsoft
OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by…
owasp-mcp
✓★ 1,200by microsoft
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to…
auditing-skills
★ 605by dbt-labs
Use when checking skills for security or quality issues, reviewing audit results from skills.sh or Tessl, or remediating findings across published skills.
dv-security
✓★ 161by microsoft
Security-role assignment, user access, application users, business units, and admin self-elevation in Dataverse environments. Use when the user wants to give…
threat-modeling
★ 121by bitwarden
This skill should be used when the user asks to "create a threat model", "define security goals", "generate a data flow diagram", "write security definitions",…
triaging-security-findings
★ 121by bitwarden
This skill should be used when the user asks to "triage security findings", "fix a Checkmarx finding", "review SonarCloud results", "dismiss a false positive",…
analyzing-code-security
★ 121by bitwarden
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find…
perform-security-review
★ 121by bitwarden
Performs a security-focused code review by launching multiple specialized agents and a verification agent to ensure comprehensive coverage and accurate…
reviewing-claude-config
★ 121by bitwarden
Reviews Claude configuration files for security, structure, and prompt engineering quality. Use when reviewing changes to CLAUDE.md files (project-level or…
reviewing-security-architecture
★ 121by bitwarden
This skill should be used when the user asks to "review the security architecture", "check authentication patterns", "evaluate trust boundaries", "review…
code-review
★ 120by coderabbitai
AI-powered code review using CodeRabbit, triggered on explicit request or autonomously when quality/security issues are detected. Identifies bugs, security vulnerabilities, and quality risks; groups findings by severity (Critical, Warning, Info) Supports reviewing staged, committed, or all changes; can compare against specific branches or commit hashes Offers two output modes: --plain for detailed feedback with fix suggestions, or --prompt-only for minimal agent-optimized output Enables...
vulnerability-validation
★ 90by factory-ai
Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use…
security-review
★ 90by factory-ai
Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream…
threat-model-generation
★ 90by factory-ai
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
commit-security-scan
★ 90by factory-ai
Analyze code changes for security vulnerabilities using LLM reasoning and threat model patterns. Use for PR reviews, pre-commit checks, or branch comparisons.
code-review
★ 49by coderabbitai
Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or wants autonomous fix-review…
auth0-fastify-api
★ 37by auth0
Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api for…
find-skills
★ 11by agentspace-so
Discover, vet, and install agent skills by searching ACROSS every major registry at once — skills.sh, clawhub.ai, and GitHub — presenting each board on its own native metric (installs / stars) with the top entry per board, security-scanning the top candidates' real SKILL.md for risky patterns, and flagging what's already installed. Use when the user asks "how do I do X", "find a skill for X", "is there a skill that…", "what skill should I install for…", or wants to extend the agent with a...