vscode-extension-expert
This skill provides expert-level guidance for VS Code extension development. Use when implementing new extension features, debugging extension code, designing WebView UIs, implementing Language Server Protocol features, or optimizing extension performance. Covers activation events, contribution points, VS Code API patterns, security best practices, testing strategies, state persistence, file watchers, singleton webview pattern, and publishing workflows.
TokenOracle
Hosted MCP server for LLM cost estimation, model comparison, and budget-aware routing.
Slack MCP Server
Slack MCP for self-host or managed Cloud, with Gemini CLI and secure-default HTTP.
Io.Github.JnMetaCode/Shellward
AI agent security: 7 MCP tools for injection detection, PII scanning, command safety, DLP.
Io.Github.Tyox All/Mund
AI security scanner - secrets, PII, prompt injection, and exfiltration detection.
Io.Github.Inkog Io/Inkog
Scan AI agents for security vulnerabilities. Audit MCP servers before installation.
Defenter Proxy
Real-time semantic security for AI coding agents and MCP tools
MCP Workboard
Secure MCP server for WorkBoard OKR and strategy execution platform
ability-analysis
Trigger Pattern Always (Aptos Move) - foundational security check - Inject Into Breadth agents, depth agents
Arcjet
An MCP server for Arcjet - the runtime security platform that ships with your AI code.
narsil
Use narsil-mcp code intelligence tools effectively. Use when searching code, finding symbols, analyzing call graphs, scanning for security vulnerabilities, exploring dependencies, or performing static analysis on indexed repositories.
Egnyte Remote MCP Server
Egnyte's remote MCP server for secure AI access, search, upload and file management in your account.
Server
Create and manage your own Certificate Authority for internal HTTPS.
rails-audit-thoughtbot
Perform comprehensive code audits of Ruby on Rails applications based on thoughtbot best practices. Use this skill when the user requests a code audit, code review, quality assessment, or analysis of a Rails application. The skill analyzes the entire codebase focusing on testing practices (RSpec), security vulnerabilities, code design (skinny controllers, domain models, PORO with ActiveModel), Rails conventions, database optimization, and Ruby best practices. Outputs a detailed markdown audit report grouped by category (Testing, Security, Models, Controllers, Code Design, Views) with severity levels (Critical, High, Medium, Low) within each category.
Io.Github.Debu Sinha/Excalidraw
Security-hardened Excalidraw MCP server with auth, rate limiting, and 14 tools
Judges Panel
45 judges that evaluate AI-generated code for security, cost, and quality with built-in AST.
SkillsSafe Security Scanner
AI skill security scanner. Detects prompt injection, credential theft, ClawHavoc. Free, no signup.
pwa-review
Comprehensive 185-point PWA audit beyond Lighthouse - analyzes manifest, service worker, offline capabilities, security, iOS compatibility, and advanced PWA features
Io.Github.Aguantar/Vibescan Mcp Server
MCP server for VibeScan — scan projects for leaked secrets and security issues
AnnualReports
Security report aggregation. USE WHEN annual reports, security reports, threat reports.
Gossiper Shopify Admin MCP Server
Control Shopify Admin tasks with agents or via prompt. Ultra slim integration, fast and secure.
product-architect
Complete product development system with 31 specialized agents and 23 frameworks. Use when user asks to build a product, write a PRD, create a roadmap, plan an MVP, design an app, do a security audit, create a financial model, plan hiring, launch a product, set up operations, prepare for IPO, or write a compliance policy. Also triggers on help me plan, product strategy, go-to-market, fundraising, pitch deck, unit economics, competitive analysis, user personas, sprint planning, SOP, checklist for, or how do I start a company. Do NOT use for general knowledge questions, coding tutorials, or creative writing unrelated to product development.
solodit
Search Solodit for similar smart contract security findings. Use when reviewing vulnerabilities, comparing to known issues, or researching prior art from real audits.
Security guardrails for Claude Code, MCP tools, and Claude cowork workflows. Local-first modular YARA-style guard packs for secrets, exfiltration, prompt injection, MCP abuse, and risky agent actions.
Inspect the current Secure Claude Code posture, enabled protections, and recent audit events.
solskill
Create production grade smart contracts. Use this skill when the user asks to write smart contracts, specially if they are going to be deployed to production (to a mainnet, or used in a mainnet script).
Redmine Mcp Server
Production-ready MCP server for Redmine with security, pagination, and enterprise features
Shrike Security
AI agent security scanner — prompt injection detection, SQL injection, PII isolation, threat intel.
diy-mcp-connector
Builds a dedicated MCP server for a single web app by walking through API discovery, tool design, security review, implementation, testing, and deployment. Use when the user asks to create an MCP server, connect a web app to Claude Code, or build a tool integration for any web app.
api-security
API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.
Coderegistry
Enterprise code intelligence for M&A, security audits, and tech debt. Hosted server with 200k free.
write-check-v2
Write security checks using the CheckDefinitionV2 system. Use when creating new checks, converting V1 checks to V2, or when the user asks to implement a vulnerability scanner check. Covers defineCheckV2, defineRegexCheck, CheckContext API, parameter injection, testing with testCheck/mockTarget, and registration.
fastify-best-practices
Guides development of Fastify Node.js backend servers and REST APIs using TypeScript or JavaScript. Use when building, configuring, or debugging a Fastify application â including defining routes, implementing plugins, setting up JSON Schema validation, handling errors, optimising performance, managing authentication, configuring CORS and security headers, integrating databases, working with WebSockets, and deploying to production. Covers the full Fastify request lifecycle (hooks, serialization, logging with Pino) and TypeScript integration via strip types. Trigger terms: Fastify, Node.js server, REST API, API routes, backend framework, fastify.config, server.ts, app.ts.
Npm Mcp
MCP server for npm package management, security analysis, and compatibility checking
Docusign Navigator
Secure Docusign Navigator integration for AI assistants to access and analyze agreement data.
firewall-auditor
Audit UniFi firewall policies for conflicts, redundancies, security gaps, and best practices. Use when asked to review firewall rules, check for security issues, audit network policies, or optimize firewall configuration.
Website Search
Write better IR reports, improve security writing, and plan cybersecurity product strategy.
Ghost Mcp Server
Minimal MCP server for Ghost Security API - compatible with all MCP clients
Io.Github.SergioRico1/Thrd
Thrd MCP: agent email tools for events/threads, safe send/reply, usage, trust and security.
Transform Claude Code into a full development team. 11 specialized agents (Architect, Engineer, QA, Security, UX, DevOps, and more), persistent memory across sessions, and 25,000+ on-demand skills. Works immediately for solo devs—customizable with your team's standards, methodologies, and proprietary knowledge.
Validate and fix YAML frontmatter in markdown documentation
Promptrejectormcp
Security gateway for AI agents: detects prompt injections, jailbreaks, and common vulnerabilities.
convex-doctor
Run convex-doctor static analysis, interpret findings, and fix issues across security, performance, correctness, schema, and architecture categories. Use when running convex-doctor, fixing convex-doctor warnings or errors, improving the convex-doctor score, or when asked about Convex code quality, static analysis, or linting Convex functions.
agents-consilium
Query external AI agents (Codex, Gemini, OpenCode, Claude Code headless) in parallel for independent second opinions, code review, bug investigation, and consensus on high-stakes decisions. Agents and models are configurable in config.json. Use for architecture choices, security review, or ambiguous problems where independent perspectives matter. Not for simple questions answerable from docs or the codebase â use web search or repo exploration instead.
Bright Security
AI-powered application security testing — scan APIs, discover endpoints, and find vulnerabilities.
analysing-attack
Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence
code-hygiene
Codebase health analysis: dead code, test quality, duplicates, complexity, security, architecture mapping. Tool-first, structured storage, forge integration.
Think Mcp
Intent security pre-flight checks for autonomous AI agents.
Io.Github.Ansvar Systems/Security Controls
1,451 security controls across 261 frameworks with bidirectional mapping
Egnyte Remote
Secure integration between AI tools and Egnyte content with search, analysis, and workflow tools.
ccs-delegation
Auto-activate CCS CLI delegation for deterministic tasks. Parses user input, auto-selects optimal profile (glm/kimi/custom) from ~/.ccs/config.json, enhances prompts with context, executes via `ccs {profile} -p "task"` or `ccs {profile}:continue`, and reports results. Triggers on "use ccs [task]" patterns, typo/test/refactor keywords. Excludes complex architecture, security-critical code, performance optimization, breaking changes.
MCP OpenClaw Extensions
138-tool MCP server for AI agent firms: security, A2A, Hebbian memory, fleet mgmt