forge-security
This skill uses Claude hooks which can execute code automatically in response to events. Review carefully before installing.
Forge Security
Cross-Platform AI Agent Skill
This skill works with any AI agent platform that supports the skills.sh standard.
Security Audit
OWASP Top 10 2021 focused security audit for SaaS applications. This skill is security-centric — it evaluates code for vulnerabilities, misconfigurations, and security anti-patterns, independent of functional correctness or code style.
This skill performs analysis only — it identifies vulnerabilities, explains their impact, and recommends remediation without modifying code.
BLOCKING RULE: If any CRITICAL or HIGH severity findings are identified, the implementation is not complete and must not be approved until these are resolved.
Anti-Hallucination Guidelines
CRITICAL: Security findings must be grounded in actual code evidence:
- Read before reporting — Never report a vulnerability in code you have not read
- Exact references — Every finding must include file:line and a code excerpt
- No invented CVEs — Only reference real vulnerabilities when citing external context