Directory
Discover and filter AI agent skills. 27,776 active skills available.
Popular guides from the directory
Start with intent-focused guides, then come back to the full directory when you need broader coverage.
category guide
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
category guide
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
category guide
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
best guide
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
best guide
Top AI Agents for Productivity
See the top AI agent skills for productivity, workflow automation, operational systems, documentation, and everyday task execution.
category guide
AI Agents for Freelancers
Browse AI agent skills for freelancers handling client research, proposals, outreach, delivery systems, documentation, and repeatable admin work.
Results
Secret Scanning
This skill should be used when the user asks about "secret scanning", "find secrets", "hardcoded credentials", "leaked API keys", "git history secrets", "credential scanning", "detect passwords in code", or needs to identify secrets and credentials in source code or git history during whitebox security review.
Sandbox Escapes
This skill should be used when the user asks about "sandbox escape", "vm escape", "template injection to RCE", "SSTI exploitation", "vm2 bypass", "restricted execution bypass", "sandbox breakout", or needs to identify sandbox escape and template engine exploitation techniques during whitebox security review.
postmessage-xss
Detect postMessage handlers that trust unvalidated origins or write attacker-controlled data to dangerous DOM sinks.
OWASP API Security Top 10
This skill should be used when the user asks about "API security", "OWASP API Top 10", "BOLA", "broken object level authorization", "API authentication", "mass assignment", "GraphQL security", "gRPC security", "rate limiting", "API abuse", "REST API vulnerabilities", or needs to identify API-specific security issues during whitebox security review.
OWASP Category Mapping
Use this skill when the user asks for OWASP Top 10 mapping, CWE alignment, or standards-oriented reporting. The directory name stays `owasp-2025` for backward compatibility, but external reports should use official OWASP Top 10 names.
nextjs-react
This skill should be used when the user asks about "Next.js security", "React security", "Server Components", "Server Actions", "Route Handlers", "RSC vulnerabilities", "SSR security", or needs comprehensive Next.js/React security analysis during whitebox security review.
Mobile Payment Tokenization Patterns
Use this skill when reviewing mobile code that handles card data, payment tokenization, or third-party payment SDK integrations (Braintree, Stripe, Adyen, Google Pay, Apple Pay, FirstData-style iframe encryptors). The skill catalogues the high-signal attack patterns vuln-scout detects in mobile payment flows — server-controlled tokenization URLs, JavaScript-injection-into-WebView card-data exfiltration, JS-bridge token construction, and payment scope mismatches — and maps each to the detector that fires.
Mobile iOS Whitebox Audit
Use this skill when the user is auditing an iOS application — directory contains `.ipa`, `Info.plist`, `*.swift`, `*.m`, `*.mm`, or an `xcodeproj`. Also activates when the conversation mentions WKWebView, NSURLSession, Keychain, App Transport Security, or any `com.apple.*` / `bundleidentifier`-style iOS package name.
Logging Failures
This skill should be used when the user asks about "logging failures", "log injection", "insufficient logging", "audit logging", "security logging", "CWE-117", or needs to find logging-related vulnerabilities during whitebox security review.
framework-patterns
This skill should be used when the user asks about "framework vulnerabilities", "Next.js security", "Flask security", "Django security", "Rails security", "Spring security", "GraphQL security", "Server Actions", "render_template_string", "SSTI patterns", "redirect SSRF", "mass assignment", "actuator exposure", "SpEL injection", "introspection", or needs to identify framework-specific vulnerability patterns during whitebox security review.
Exploit Techniques
This skill should be used when the user asks to "write an exploit", "create PoC", "develop proof of concept", "exploit script", "automate exploitation", "build exploit", or needs guidance on developing working exploits during whitebox security review.
Exception Handling Vulnerabilities
This skill should be used when the user asks about "XXE", "XML External Entity", "error handling", "exception disclosure", "stack trace exposure", "improper error handling", or needs to find exception-related vulnerabilities during whitebox security review.
Data Flow Tracing
This skill should be used when the user asks to "trace data flow", "follow user input", "source to sink analysis", "track variable", "find input sources", "taint analysis", or needs to understand how user-controlled data flows through an application during whitebox security review.
Dangerous Functions
This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox security review.
Cryptographic Failures
This skill should be used when the user asks about "cryptographic failures", "weak encryption", "hardcoded secrets", "insecure random", "MD5", "SHA1", "weak hashing", or needs to find crypto-related vulnerabilities during whitebox security review.
cross-component
This skill should be used when analyzing multi-service architectures, frontend-backend interactions, microservices, or when looking for vulnerabilities that span multiple components. Use when the user asks about "cross-component", "frontend to backend", "service interaction", "internal service access", or "multi-service vulnerabilities".
cpg-analysis
This skill should be used when the user asks about "Code Property Graph", "CPG analysis", "Joern queries", "CPGQL", "data flow verification", "taint tracking with Joern", "semantic code analysis", or needs to understand how CPG-based verification works for vulnerability detection.
Compliance Mapping
This skill should be used when the user asks about "compliance mapping", "PCI-DSS", "HIPAA", "SOC 2", "NIST CSF", "regulatory requirements", "compliance report", or needs to map security findings to compliance framework requirements.
Cloud-Native Security
This skill should be used when the user asks about "cloud security", "AWS security", "GCP security", "Azure security", "Kubernetes security", "IMDS", "instance metadata", "S3 bucket policy", "IAM", "serverless security", "Lambda security", "container security", "cloud misconfiguration", "SSRF to cloud metadata", or needs to identify cloud-native security issues during whitebox security review.
Cache Poisoning
This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox security review.
Business Logic Analysis
This skill should be used when the user asks about "business logic", "workflow vulnerability", "trust boundary", "state machine", "authorization bypass", "multi-step process", "workflow bypass", "application logic flaw", or needs to identify business logic vulnerabilities during whitebox security review.
AI/ML Attack Surface
This skill should be used when the user asks about "AI security", "ML pipeline attacks", "prompt injection", "model deserialization", "unsafe model loading", "Jupyter injection", "LLM security", or needs to identify AI/ML-specific vulnerabilities in codebases that use machine learning frameworks.
workflow
High-velocity solo development workflow. Idea to production same-day. 10 commands: plan, spike, ship, fix, review, spec-review, focus, done, drop, workflow. Auto-activates on: "plan", "spec", "ship", "spike", "fix", "debug", "repair", "spec-review", "review spec", "analyze spec", "challenge spec", "focus", "what should i do", "prioritize", "overwhelmed", "what should i work on", "done", "finish", "complete", "drop", "abandon", "workflow", "what's next", "whats next", "next step", "what now".
tmux
Complete tmux terminal multiplexer management: sessions, windows, panes, layouts, scripting, and configuration. Auto-activates on: "tmux", "session", "window", "pane", "split", "attach", "detach", "multiplexer".