security-auditor
Automatic detection of OWASP Top 10 vulnerabilities and insecure code patterns across your codebase.
- Scans for SQL injection, XSS, hardcoded secrets, weak authentication, broken access control, and insecure deserialization with severity-based alerts
- Activates automatically on code file changes, dependency updates, configuration modifications, and before deployments
- Provides specific remediation guidance with code examples and references to OWASP and CWE standards
- Integrates with dependency auditing tools (npm audit, pip-audit) and pairs with the @code-reviewer sub-agent for deeper threat modeling
Security Auditor Skill
Automatic security vulnerability detection.
When I Activate
- ✅ Code files modified (especially auth, API, database)
- ✅ User mentions security or vulnerabilities
- ✅ Before deployments or commits
- ✅ Dependency changes
- ✅ Configuration file changes
What I Scan For
OWASP Top 10 Patterns
1. SQL Injection
// CRITICAL: SQL injection
More from ovachiever/droid-tings
react-hook-form-zod
|
458nextjs-shadcn-builder
Build new Next.js applications or migrate existing frontends (React, Vue, Angular, vanilla JS, etc.) to Next.js + shadcn/ui with systematic analysis and conversion. Enforces shadcn design principles - CSS variables for theming, standard UI components, no hardcoded values, consistent typography/colors. Use for creating Next.js apps, migrating frontends, adopting shadcn/ui, or standardizing component libraries. Includes MCP integration for shadcn documentation and automated codebase analysis.
226deep-reading-analyst
Comprehensive framework for deep analysis of articles, papers, and long-form content using 10+ thinking models (SCQA, 5W2H, critical thinking, inversion, mental models, first principles, systems thinking, six thinking hats). Use when users want to: (1) deeply understand complex articles/content, (2) analyze arguments and identify logical flaws, (3) extract actionable insights from reading materials, (4) create study notes or learning summaries, (5) compare multiple sources, (6) transform knowledge into practical applications, or (7) apply specific thinking frameworks. Triggered by phrases like 'analyze this article,' 'help me understand,' 'deep dive into,' 'extract insights from,' 'use [framework name],' or when users provide URLs/long-form content for analysis.
190playwright browser automation
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.
145threejs-graphics-optimizer
Performance optimization rules for THREE.js and graphics programming. Covers mobile-first optimization, fallback patterns, memory management, render loop efficiency, and general graphics best practices for smooth 60fps experiences across devices.
107react-native-expo
|
99