Agent Skills
Instruction packs that give your AI agent know-how. Three different kinds — pick the right one below.
✦ Standalone skills2,933
Self-contained. Install one into any project and it works on its own — no other software needed.
🧰 Tool add-ons726
Come bundled with a specific tool and only work together with it — they teach your agent how to operate that tool.
firebase-auth-basics
✓★ 370by firebase
Set up Firebase Authentication with multiple identity providers and secure data access. Supports email/password, phone number, anonymous, federated providers (Google, Facebook, Twitter, GitHub, Microsoft, Apple), and custom auth integration Users are identified by unique UIDs with optional properties including email, display name, photo URL, and email verification status Authentication via CLI enables Google Sign In, anonymous auth, and email/password; other providers require Firebase...
🔌 Part of the agent-skills plugin
firebase-firestore
✓★ 370by firebase
Before setting up dependencies, writing data models, or configuring security rules, you MUST always identify the Firestore instance edition.
🔌 Part of the agent-skills plugin
AWS Cost & Operations
★ 326by zxkane
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
llm-security
★ 232by semgrep
Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or…
semgrep
★ 232by semgrep
Run Semgrep static analysis scans and create custom detection rules. Use when asked to scan code with Semgrep, find security vulnerabilities, write custom YAML…
code-security
★ 232by semgrep
Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like 'check for…
azure-compliance
✓★ 226by Azure
Comprehensive Azure compliance and security auditing capabilities including best practices assessment, Key Vault expiration monitoring, and resource configuration validation.
azure-aigateway
✓★ 226by Azure
Configure Azure API Management (APIM) as AI Gateway to secure, observe, control AI models, MCP servers, agents. Helps with rate limiting, semantic caching, content safety, load balancing.
wp-plugin-development
★ 208by automattic
Use when developing WordPress plugins: architecture and hooks, activation/deactivation/uninstall, admin UI and Settings API, data storage, cron/tasks, security…
dv-security
✓★ 161by microsoft
Security-role assignment, user access, application users, business units, and admin self-elevation in Dataverse environments. Use when the user wants to give…
site-launch-checklist
★ 157by samber
Pre-launch checklist for shipping a new website. Orchestrates analytics setup (GA4, PostHog, Google Search Console, Ahrefs), legal compliance, security headers and audit, SEO and GEO with keyword research validated against Google Trends (robots.txt, sitemaps, llms.txt, AI policy, schema markup, hreflang), copywriting consistency via a TONE.md and a humanizer pass in the matching language, OpenGraph and social previews, full favicon set with manifest, quality gates (Lighthouse, Core Web...
🔌 Part of the cc-skills plugin
reviewing-security-architecture
★ 121by bitwarden
This skill should be used when the user asks to "review the security architecture", "check authentication patterns", "evaluate trust boundaries", "review…
threat-modeling
★ 121by bitwarden
This skill should be used when the user asks to "create a threat model", "define security goals", "generate a data flow diagram", "write security definitions",…
reviewing-claude-config
★ 121by bitwarden
Reviews Claude configuration files for security, structure, and prompt engineering quality. Use when reviewing changes to CLAUDE.md files (project-level or…
perform-security-review
★ 121by bitwarden
Performs a security-focused code review by launching multiple specialized agents and a verification agent to ensure comprehensive coverage and accurate…
triaging-security-findings
★ 121by bitwarden
This skill should be used when the user asks to "triage security findings", "fix a Checkmarx finding", "review SonarCloud results", "dismiss a false positive",…
analyzing-code-security
★ 121by bitwarden
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find…
code-review
★ 120by coderabbitai
AI-powered code review using CodeRabbit, triggered on explicit request or autonomously when quality/security issues are detected. Identifies bugs, security vulnerabilities, and quality risks; groups findings by severity (Critical, Warning, Info) Supports reviewing staged, committed, or all changes; can compare against specific branches or commit hashes Offers two output modes: --plain for detailed feedback with fix suggestions, or --prompt-only for minimal agent-optimized output Enables...
🔌 Part of the skills plugin
threat-model-generation
★ 90by factory-ai
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
graphql-schema
★ 90by apollographql
Industry best practices guide for designing intuitive, performant, and maintainable GraphQL schemas. Covers core design principles including client-centric type organization, explicit nullability patterns, and backwards-compatible evolution strategies Provides reference documentation on types, naming conventions, cursor-based pagination, error modeling, and security considerations Includes practical patterns for interfaces, unions, input types, mutations, and ID strategies with code examples...
🔌 Part of the skills plugin
commit-security-scan
★ 90by factory-ai
Analyze code changes for security vulnerabilities using LLM reasoning and threat model patterns. Use for PR reviews, pre-commit checks, or branch comparisons.
security-review
★ 90by factory-ai
Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream…
vulnerability-validation
★ 90by factory-ai
Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use…
redis-development
✓★ 82by redis
Redis performance optimization across data structures, query engines, vector search, and semantic caching. Covers 29 prioritized rules across 11 categories including data modeling, memory management, Redis Query Engine (RQE), vector search with RedisVL, and LangCache semantic caching Provides structured guidance for connection pooling, JSON document handling, streams, clustering, security (ACLs), and observability Each rule includes explanations, correct examples, anti-patterns or usage...
secure-linux-web-hosting
★ 70by xixu-me
Use when setting up, hardening, or reviewing a cloud server for self-hosting, including DNS, SSH, firewalls, Nginx, static-site hosting, reverse-proxying an app, HTTPS with Let's Encrypt or ACME clients, safe HTTP-to-HTTPS redirects, or optional post-launch network tuning such as BBR.
openclaw-secure-linux-cloud
★ 70by xixu-me
Use when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or reviewing Podman, pairing, sandboxing, token auth, and tool-permission defaults for a secure personal deployment.
github-actions-docs
★ 70by xixu-me
Use when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, matrices, runners, reusable workflows, artifacts, caching, secrets, OIDC, deployments, custom actions, or Actions Runner Controller, especially when they need official GitHub documentation, exact links, or docs-grounded YAML guidance.
opensource-guide-coach
★ 70by xixu-me
Use when a user wants guidance on starting, contributing to, growing, governing, funding, securing, or sustaining an open source project, or asks about contributor onboarding, community health, maintainer burnout, code of conduct, metrics, legal basics, or open source project adoption.
mapbox-token-security
★ 68by mapbox
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when…
🔌 Part of the mapbox-agent-skills plugin
code-review
★ 49by coderabbitai
Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or wants autonomous fix-review…
🔌 Part of the claude-plugin plugin