Home · 首页/Categories · 品类榜/Security Audit

Category ranking· 品类排行

The best AI skills for security audit做安全审计最好用的

Skills that review risky code, API surfaces, permissions, and security-sensitive workflows.审查高风险代码、API 暴露面、权限边界和安全敏感工作流的 skill。

Editor rank · 编辑排名 Stars · 星标数 Updated · 最近更新

All Claude Code Codex Cursor Cline OpenClaw Hermes Anthropic Skills MCP Generic

All Low Medium

Editor's picks编辑精选榜单

2026-05-16 last re-ranked · 上次重排

#1Gold · 金

api-security-testing

★ Editor's Choice· 编辑首选

by Ed1s0nZ·updated 3w ago

API安全测试的专业技能和方法论

“

API安全测试的专业技能和方法论

Claude CodeCodexMedium risk · 中风险$

—

rating · 评分

3.7k

stars · 星标

View看详情 →

#2Silver · 银

aig-scanner

★ Runner-up· 次选

by Tencent·updated 3w ago

A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via

“

A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Python script, no plugin required. Requires AIGBASEURL to be configured. Triggers on: scan AI service, AI vulnerability scan, scan AI infra, check CVE, audit AI service, scan MCP, scan skills, audit AI tools, scan agent, red-team LLM, jailbreak test, 扫描AI服务, 检查AI漏洞, 扫描AI工具, 检查MCP安全, 审计Agent, 越狱测试.

Claude CodeCodexMedium risk · 中风险$

—

rating · 评分

3.6k

stars · 星标

View看详情 →

#3Bronze · 铜

wooyun-legacy

★ Pair with #1· 推荐配套

by tanweai·updated 3w ago

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorizati

“

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. Use for ANY security testing, auditing, or code review of web apps, APIs, or business systems — even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, 渗透测试, 安全审计, 漏洞挖掘, 支付安全, 越权, 逻辑漏洞, 业务安全, SRC, 代码审计. Also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "帮我测测这个接口", "这个参数能不能改", "帮我找bug".

Claude CodeCodexLow risk · 低风险$

—

rating · 评分

1.6k

stars · 星标

View看详情 →

soc2 compliance

by alirezarezvani·updated 2w ago

../../../ra-qm-team/skills/soc2-compliance/SKILL.md

“

../../../ra-qm-team/skills/soc2-compliance/SKILL.md

Claude CodeMedium risk · 中风险$

—

rating · 评分

14k

stars · 星标

View看详情 →

threat detection

by alirezarezvani·updated 2w ago

../../../engineering-team/skills/threat-detection/SKILL.md

“

../../../engineering-team/skills/threat-detection/SKILL.md

Claude CodeMedium risk · 中风险$

—

rating · 评分

14k

stars · 星标

View看详情 →

soc2 compliance

by alirezarezvani·updated 2w ago

Use when the user asks to prepare for SOC 2 audits, map Trust Service Criteria, build control matrices, collect audit e…

“

Use when the user asks to prepare for SOC 2 audits, map Trust Service Criteria, build control matrices, collect audit evidence, perform gap analysis, or assess SOC 2 Type I vs Type II readiness.

Claude CodeMedium risk · 中风险$

—

rating · 评分

14k

stars · 星标

View看详情 →

risk management specialist

by alirezarezvani·updated 2w ago

Medical device risk management specialist implementing ISO 14971 throughout product lifecycle. Provides risk analysis,…

“

Medical device risk management specialist implementing ISO 14971 throughout product lifecycle. Provides risk analysis, risk evaluation, risk control, and post-production information analysis. Use when user mentions risk management, ISO 14971, risk analysis, FMEA, fault tree anal…

Claude CodeMedium risk · 中风险$

—

rating · 评分

14k

stars · 星标

View看详情 →

risk management specialist

by alirezarezvani·updated 2w ago

../../../ra-qm-team/skills/risk-management-specialist/SKILL.md

“

../../../ra-qm-team/skills/risk-management-specialist/SKILL.md

Claude CodeMedium risk · 中风险$

—

rating · 评分

14k

stars · 星标

View看详情 →

insecure defaults

by trailofbits·updated 2w ago

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecure…

“

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

Claude CodeMedium risk · 中风险$

—

rating · 评分

5.1k

stars · 星标

View看详情 →

#10

spec to code compliance

by trailofbits·updated 2w ago

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against wh…

“

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.

Claude CodeMedium risk · 中风险$

—

rating · 评分

5.1k

stars · 星标

View看详情 →

Why we didn't pick these为什么没选这些

Also common, but didn't make the picks同样常见，但未入精选

supply chain risk auditor
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。
tsa risk
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。
tsa risk
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。

Didn't find what you need?没看到合适的 skill？

Tell us your pain points and we'll go look.把你的痛点告诉我们，我们会去找。

Compare top 3对比 Top 3 →Request a skill提交需求 →