By role

Top Skills for Security

Audit, threat modeling, vuln scanning, compliance — defensive and offensive.

7 skills indexed · ranked by composite score

Top 6 Security skills

  1. 1.agent-email-inboxGive an agent a webhook-driven inbox with the sender-allowlist and content-filtering patterns that block prompt injection from inbound email.
  2. 2.workosFull-stack WorkOS implementation with auth provider migration paths.
  3. 3.security-reviewPre-merge security sweep on the current branch's diff.
  4. 4.trail-of-bitsSecurity audits run by a real security firm. CodeQL + Semgrep + audit workflows.
  5. 5.k8s-security-policiesKubernetes hardening by the book. NetworkPolicies, RBAC, OPA, service mesh.
  6. 6.shannonReal exploits, no false positives. 96.15% exploit success across 50+ vuln types.

About Security

Security vertical Skills are the toolkit for security engineers, AppSec leads, and platform teams whose job is to keep the surface defensible — threat modeling, audit, vulnerability scanning, compliance documentation, incident response, secure-code review. The category overlaps the primary security-auditing group but is organized by role and includes governance and compliance work.

The common workflows include running a structured pre-merge security review, building a STRIDE threat model from an architecture diagram, auditing a Kubernetes cluster for hardening gaps, generating a SOC 2 or ISO 27001 evidence trail, responding to a security incident with proper triage and communication, and writing customer-facing security documentation. Several pair with Snyk, GitHub Advanced Security, AWS, and PagerDuty MCPs for live scanner and alert data.

Security engineers, AppSec leads, CTOs, compliance leads, and DevSecOps teams use these Skills. Composite scoring weights provenance (Trail of Bits, GitHub Security Lab, well-known security orgs), install count, and how clearly the Skill documents the threat model — vague Skills rank below those that name the specific attack surface they cover.

Ranked by score

Best Security Skills

Skills with strong fit for security workflows.

Give an agent a webhook-driven inbox with the sender-allowlist and content-filtering patterns that block prompt injection from inbound email.

Inbound EmailAgent SecurityWebhooks
Code

Full-stack WorkOS implementation with auth provider migration paths.

WorkOSAuthSSO
Code

Pre-merge security sweep on the current branch's diff.

SecurityReviewOWASP
Code

Security audits run by a real security firm. CodeQL + Semgrep + audit workflows.

CodeQLSemgrepAudit
Code

Kubernetes hardening by the book. NetworkPolicies, RBAC, OPA, service mesh.

KubernetesRBACOPA
Code

Real exploits, no false positives. 96.15% exploit success across 50+ vuln types.

PentestExploitationAction-taking
Code

ffuf web fuzzing for authorized pentests. Common modes, payloads, and gotchas.

ffufPentestFuzzing
Code

FAQ

Frequently asked

Are offensive-security Skills listed?

We rank Skills for defensive security, authorized pentesting, CTF, and security research. Destructive techniques, mass-targeting, supply-chain compromise and detection evasion are out of scope.

Do these Skills cover compliance evidence?

Yes — several Skills generate the evidence artifacts that SOC 2 / ISO 27001 / HIPAA audits require, mapping controls to existing system behaviors.

Can a Skill replace a real security audit?

No — they catch mechanical issues. Real audits cover architecture, key management, business logic and threat-model accuracy that no Skill can model.

Are incident-response Skills useful?

Yes — they walk through triage, severity assessment, status communication, and the blameless postmortem template. They work best paired with PagerDuty MCP for alert context.

How do threat-modeling Skills work?

They take an architecture diagram or system description and produce a STRIDE or LINDDUN model. The output is a starting point; real threat models need iteration with the engineering team.

Other categories

Browse other roles