bolt

SkillForge

返回首页
🛡

安全与合规

涵盖漏洞扫描、渗透测试、代码审计、依赖安全、OWASP、合规检查等

子分类:
18 个 Skill
Security Audit

audit-context-building

by @trailofbits

Trail of Bits security audit methodology. Line-by-line code analysis using First Principles, 5 Whys, and 5 Hows. Identifies invariants, assumptions, and cross-function flows before writing findings.

漏洞发现数+140%
512
4.9(289)
4.9K
Dependency SecurityFeatured

snyk-fix

by @snyk

Seven-phase security workflow: scan with Snyk, analyze findings, fix vulnerabilities, validate fixes. Handles both code and dependency vulnerabilities automatically.

高危漏洞-100%
40
4.8(678)
33
Secret Detection

secrets-gitleaks

by @AgentSecOps

Hardcoded secret detection using Gitleaks. Scans commit history, staged files, and working tree for API keys, tokens, passwords. Integrates with pre-commit hooks.

密钥泄露事件-100%
3次/年0次/年
4.8(389)
0
Agent SecurityFeatured

agent-scan

by @snyk

Security scanner for AI agent skills and MCP servers. Detects prompt injection, sensitive data handling, malicious payloads, and supply chain compromise in SKILL.md files.

恶意 Skill 检出率+100%
0%97%
4.8(512)
33
Static Analysis

static-analysis

by @trailofbits

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for automated vulnerability detection across codebases.

漏洞检出率+135%
40%94%
4.8(328)
8.2K
TDD

ok-tdd

by @mxyhi

Enforce writing tests before implementation. RED-GREEN-REFACTOR cycle with anti-pattern detection and coverage enforcement.

测试覆盖率+207%
30%92%
4.8(0)
1
SAST

sast-semgrep

by @AgentSecOps

Static Application Security Testing using Semgrep. Automated vulnerability detection mapped to OWASP Top 10 and CWE standards with inline fix suggestions.

漏洞拦截率+213%
30%94%
4.7(423)
0
Supply Chain

supply-chain-auditor

by @trailofbits

Audit supply-chain threat landscape of project dependencies. Detects typosquatting, compromised packages, and known CVEs.

风险依赖发现0%
012
4.7(260)
6.5K
OWASP

owasp-security

by @agamm

OWASP Top 10:2025 and ASVS 5.0 with code review checklists and language-specific security quirks for Python, Node.js, Go, and Java.

合规覆盖率+163%
35%92%
4.7(224)
0
Defense in Depth

defense-in-depth

by @obra

Implement multi-layered testing and security best practices. Defense layers for validation, authorization, rate limiting, and error handling.

攻击面-80%
25个暴露点5个暴露点
4.7(368)
9.2K
YARA

yara-authoring

by @trailofbits

YARA detection rule authoring with linting, atom analysis, and best practices for malware detection and threat hunting.

规则精度+46%
65%95%
4.7(140)
3.5K
LLM Security

llm-security-testing

by @Eyadkelleh

AI/ML security testing covering prompt injection, bias detection, data leakage, adversarial resistance, and model extraction prevention.

AI 安全评分+193%
30/10088/100
4.6(168)
0
OWASP

secure-code-guardian

by @wshobson

OWASP Top 10 protection implementation throughout the development lifecycle with language-specific security patterns.

安全缺陷-92%
12个/版本1个/版本
4.6(192)
4.8K
QA

dogfood-testing

by @mxyhi

Systematic exploratory testing with screenshots, video recording, and reproducible evidence. Structured test sessions with bug tracking.

Bug 发现数+400%
3个/session15个/session
4.6(0)
1
AzureFeatured

azure-rbac

by @microsoft

Azure RBAC (Role-Based Access Control) management: role assignments, custom roles, and least-privilege enforcement.

过度授权数-92%
252
4.6(205)
102.8K
SOC2

security-compliance

by @davila7

Determines and implements compliance frameworks: SOC2, ISO 27001, HIPAA, HITRUST for different organization types.

合规准备时间-92%
907
4.5(168)
0

security-best-practices

by @supercent-io

security-best-practices from supercent-io/skills-template

0.0(0)
11.9K

audit

by @pbakaus

Audit — Security & Compliance skill for AI coding agents.

0.0(0)
11.0K