Skills
The open registry for AI agent skills — structured prompts and workflows with recommended models, example prompts, and compatible tools.
Skills
6
Categories
9
Compatible tools
5
Contributors
1
Showing 1–6 of 6 skills
Decodes and reviews JSON Web Tokens and their surrounding auth flow for correctness and security. Explains header and claims, checks algorithm and key handling, validates expiration and audience/issuer claims, and flags common pitfalls such as the alg:none attack, weak secrets, missing validation, and over-long token lifetimes. Never treats token contents as trusted secrets to echo back.
Generates and validates Software Bills of Materials in CycloneDX or SPDX formats. Covers dependency inventory, transitive resolution, license and vulnerability annotation, VEX statements, container image SBOMs, and CI integration for supply-chain compliance. Helps teams meet regulatory requirements and track what is actually shipped.
Scans code, configuration, and git history for leaked credentials such as API keys, tokens, private keys, and connection strings. Classifies findings by severity and false-positive likelihood, and provides safe remediation steps including rotation, history scrubbing, and pre-commit prevention.
Configures HTTP security headers to harden web applications. Covers Content-Security-Policy (including nonces and strict-dynamic), HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, and cookie flags. Produces server/CDN configuration, explains tradeoffs, and provides a rollout plan using report-only mode to avoid breakage.
Detects and redacts personally identifiable information (PII) and sensitive data from text, logs, and structured datasets. Recommends anonymization techniques such as masking, tokenization, pseudonymization, k-anonymity, and differential privacy, and generates reusable redaction code while preserving analytical utility and referential integrity.
Audits project dependencies for security vulnerabilities, license compliance, maintenance status, and bundle size impact. Identifies outdated packages, suggests alternatives for abandoned libraries, and flags risky transitive dependencies.
Skills vs MCP servers
what's the difference?Skillsthe “what to do”
A skillA reusable, structured prompt/workflow with recommended models, an example prompt, and compatible tools. packages know-how — instructions, an example promptA ready-to-use prompt template that demonstrates how to invoke the skill., and recommended models — so an agent performs a task consistently. Skills add knowledge, not new connections.
MCP serversthe “how to connect”
An MCP serverModel Context Protocol server — a standard way to expose tools, resources, and prompts to AI agents and IDEs. gives an agent new capabilities by connecting it to real systems (databases, APIs, files) over a transportHow the client talks to the server: stdio (local process), SSE, or HTTP streaming.. MCP adds connections and actions, not task instructions.
Rule of thumb: reach for a skill when you need the model to do a task well, and an MCP server when you need it to reach a tool or system. They compose — a skill can rely on tools an MCP server provides.
Built a useful skill?
Submit a SKILL.md — it's open source and community-maintained.