Io.Github.Inkog Io/Inkog
Scan AI agents for security vulnerabilities. Audit MCP servers before installation.
narsil
Use narsil-mcp code intelligence tools effectively. Use when searching code, finding symbols, analyzing call graphs, scanning for security vulnerabilities, exploring dependencies, or performing static analysis on indexed repositories.
rails-audit-thoughtbot
Perform comprehensive code audits of Ruby on Rails applications based on thoughtbot best practices. Use this skill when the user requests a code audit, code review, quality assessment, or analysis of a Rails application. The skill analyzes the entire codebase focusing on testing practices (RSpec), security vulnerabilities, code design (skinny controllers, domain models, PORO with ActiveModel), Rails conventions, database optimization, and Ruby best practices. Outputs a detailed markdown audit report grouped by category (Testing, Security, Models, Controllers, Code Design, Views) with severity levels (Critical, High, Medium, Low) within each category.
SBOMApp - SBOM Generator & Vulnerability Scanner
Generate SBOMs, scan vulnerabilities, and analyze dependencies from local projects or Git repos.
solodit
Search Solodit for similar smart contract security findings. Use when reviewing vulnerabilities, comparing to known issues, or researching prior art from real audits.
Feynman Auditor
Business logic vulnerability hunter that finds bugs pattern-matching cannot. Uses the Feynman technique: if you cannot explain WHY a line exists, you do not understand the code â and where understanding breaks down, bugs hide.
Io.Github.VulnersCom/Vulners Mcp
MCP server for the Vulners.com API
api-security
API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.
write-check-v2
Write security checks using the CheckDefinitionV2 system. Use when creating new checks, converting V1 checks to V2, or when the user asks to implement a vulnerability scanner check. Covers defineCheckV2, defineRegexCheck, CheckContext API, parameter injection, testing with testCheck/mockTarget, and registration.
Npm Plus
npm MCP — search packages, bundle sizes, vulnerabilities, compare downloads.
Promptrejectormcp
Security gateway for AI agents: detects prompt injections, jailbreaks, and common vulnerabilities.
Bright Security
AI-powered application security testing — scan APIs, discover endpoints, and find vulnerabilities.
Zenable
Zenable cleans up sloppy AI code and prevents vulnerabilities with deterministic guardrails
SecurityScan
Scan GitHub-hosted AI skills for vulnerabilities: prompt injection, malware, OWASP LLM Top 10.
Operant Mcp
Security testing MCP server for penetration testing, forensics, and vulnerability assessment
fix-dependabot-alerts
Fix Dependabot security alerts by updating vulnerable npm dependencies. Use when the user mentions "dependabot", "security alerts", "vulnerability", "CVE", or wants to update packages with security issues.
dep-check
Use when the user wants to check dependencies, find outdated packages, or audit for vulnerabilities.
Mcp Server Security Audit
Scan websites for security vulnerabilities, headers, TLS, and email security.
Io.Github.Lordbasilaiassistant Sudo/Contract Scanner
Smart contract security scanner — vulnerabilities, risk scores, and calldata decoding
Io.Github.FinishKit/Mcp
FinishKit MCP: scan GitHub repos for security vulnerabilities, deployment blockers, and quality
ipsw
Apple firmware and binary reverse engineering with the ipsw CLI tool. Use when analyzing iOS/macOS binaries, disassembling functions in dyld_shared_cache, dumping Objective-C headers from private frameworks, downloading IPSWs or kernelcaches, extracting entitlements, analyzing Mach-O files, or researching Apple security. Triggers on requests involving Apple RE, iOS internals, kernel analysis, KEXT extraction, or vulnerability research on Apple platforms.
Io.Github.Dynatrace Oss/Dynatrace Mcp
Access Dynatrace observability data: logs, metrics, problems, vulnerabilities via DQL and Davis AI
AI/ML Attack Surface
This skill should be used when the user asks about "AI security", "ML pipeline attacks", "prompt injection", "model deserialization", "unsafe model loading", "Jupyter injection", "LLM security", or needs to identify AI/ML-specific vulnerabilities in codebases that use machine learning frameworks.
owasp-security
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
dep-audit
Audit and fix dependency vulnerabilities in Go and Node.js packages. Runs govulncheck for Go and npm audit for each package.json directory. Commits fixes directory by directory.
Dependency Security Audit
Scan all project dependencies for known security vulnerabilities.
Io.Github.Lordbasilaiassistant Sudo/Base Security Scanner Mcp
MCP server to scan smart contracts on Base for honeypots, rug pulls, and vulnerabilities.
Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database
Real-time CVE, exploit, and vulnerability intelligence for AI assistants (350K+ CVEs, 115K+ PoCs)
security-audit-rlm
Run and troubleshoot privacy-preserving, local DSPy RLM security audits for large legacy .NET codebases. Use when asked to scan repositories for vulnerabilities, tune RLM/tool limits, fix truncation/stall issues, or produce actionable markdown/json audit outputs without loading entire codebases into model context.
Io.Github.Bajuzjefe/Aikido Mcp
Security analysis for Aiken smart contracts on Cardano. 75 vulnerability detectors.
Cargo Audit Triage
This skill should be used when the user asks to "run cargo audit", "triage cargo audit", "fix audit vulnerabilities", "update audit.toml", "check cargo audit ignores", "clean up audit ignore list", "review audit.toml", "remove stale audit ignores", or mentions resolving Rust security advisories or RUSTSEC identifiers. Provides a systematic workflow for analyzing each vulnerability, attempting updates, and writing motivated ignore entries when updates are not possible.
code-analysis
Code review and debugging assistant. Identifies bugs, performance issues, security vulnerabilities, and suggests optimizations.
vuln-scan
Run a repository vulnerability audit with lint, tests, and govulncheck. Use this when asked for security scanning or CVE triage in this repo.
skill-security-auditor
Security auditing for code, configs, and infrastructure. Use when the user wants to audit or improve security: scan for vulnerabilities (SQL injection, XSS, command injection, path traversal), detect hardcoded secrets and credentials, review auth and authorization, check dependencies for known CVEs, audit config files for insecure defaults, or generate security reports. Trigger on "security audit", "vulnerability scan", "code review for security", "find secrets", "check for vulnerabilities", "OWASP", "CVE", or questions about code security.
Synapse Audit
AI-Powered Security Scanner for LLMs. Detects vulnerabilities and syncs with SynapseAudit.
mcp-security-scan
Scans MCP servers, tools, prompts, and resources for security vulnerabilities using YARA rules, LLM analysis, and Cisco AI Defense API. Use this skill when the user wants to check MCP servers for security issues, detect prompt injection, tool poisoning, or analyze MCP configurations for threats.
Security Code Review
Identify security vulnerabilities and suggest secure coding practices
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
offensive-business-logic
Business logic vulnerability testing for web/mobile/API engagements. Covers workflow bypass, state machine violations, multi-step process abuse, price/quantity/discount manipulation, currency confusion, coupon stacking, refund/chargeback abuse, race conditions on logic boundaries, parameter tampering for hidden flows, role/tenant boundary violations, time-of-check vs use, anti-automation defeat, fraud-detection evasion, and subscription/quota abuse. Use when scoping an application after surface-level OWASP Top 10 has been covered, or when the asset is a transactional/marketplace/fintech/e-commerce/SaaS app where logic flaws produce direct financial impact.
bump-transitive-dependency
Bump a transitive dependency to a patched version using pnpm. Use when Dependabot reports a security vulnerability in a transitive dependency and cannot auto-update it, or when the user mentions bumping, upgrading, or patching a transitive dependency.
Fetter MCP
Real-time Python package and vulnerability data for AI coding agents.
audit-dependencies
Use when fixing dependency vulnerabilities, running pnpm audit, or when the audit-dependencies CI check fails
Agent Security Scanner Mcp
Security layer for AI agents: blocks prompt injection, detects fake packages, scans vulnerabilities.
MCP Fortress
Security scanner for MCP servers. Detect vulnerabilities, prompt injection, and tool poisoning.
Startup Competitors
Deep competitive intelligence that goes beyond surface-level profiles. Produces actionable battle cards, pricing landscape analysis, and strategic vulnerability mapping using real web data.