Vibe Index
🎯

security-best-practices

🎯Skill

from aleister1102/skills

VibeIndex|
What it does

Provides actionable security recommendations and guidelines for identifying and mitigating potential vulnerabilities in software development and system design.

πŸ“¦

Part of

aleister1102/skills(54 items)

security-best-practices

Installation

πŸ“‹ No install commands found in docs. Showing default command. Check GitHub for actual instructions.
Quick InstallInstall with npx
npx skills add aleister1102/skills --skill security-best-practices
Need more details? View full documentation on GitHub β†’
2Installs
-
AddedFeb 4, 2026
View on GitHubBack to Skills

Skill Details

SKILL.md

Overview

# Custom Agent Skills

This repo stores personal agent skills. Each skill lives in its own folder with a SKILL.md describing when and how to use it; supporting scripts or references live alongside as needed. The skills are not necessarily tied to Codexβ€”they can be consumed by multiple agents, including codex, opencode, cursor, trae, kiro-cli, antigravity, and copilot (subject to future updates).

The [vercel/skills](https://github.com/vercel-labs/skills) toolkit can help you install or manage these packages across agents. When adding a skill, prefer copying the folder into your agent’s skill directory rather than symlinking itβ€”some agents (like Cursor) do not follow symlinks reliably.

Table of contents

  • Managing skills
  • Skill catalog
  • Updates

Managing skills

  • Add, remove, or update a skill by editing its directory; the agent loads only the skills whose triggers match each conversation.
  • Keep documentation focused on tooling cues (commands, scripts) and concise instructions that do not assume stable internal naming.

Skill catalog

Security and AppSec

  • active-directory-attacks/
  • api-fuzzing-for-bug-bounty/
  • codeql/
  • codeql-database-building/
  • ffuf-web-fuzzing/
  • firmware-analyst/
  • sarif-parsing/
  • security/
  • security-best-practices/
  • security-review/
  • security-threat-model/
  • semgrep/
  • semgrep-rule-creator/
  • vuln-analysis-expert/

LLM, Prompting, and MCP

  • mcp-builder/
  • prompt-optimizer/
  • promptfoo-evaluation/

Planning, Workflow, and Review

  • ask-questions-if-underspecified/
  • brainstorming/
  • code-reviewer/
  • commit-batching/
  • create-plan/
  • dispatching-parallel-agents/
  • docs-cleaner/
  • executing-plans/
  • gh-address-comments/
  • skill-creator/
  • skill-installer/
  • writing-plans/
  • writing-skills/

UI, Content, and Knowledge Bases

  • frontend-design/
  • i18n-expert/
  • obsidian-bases/
  • obsidian-markdown/
  • playwright/

Ecosystem and Architecture

  • tech-stack-evaluator/

Blockchain

  • blockchain-developer/

Updates

  • Revisit this README for high-level guidance only; rely on individual SKILL.md files for accurate, up-to-date details.

Steering documents (optional)

For projects that consume these skills and want consistent AI behavior, you can add project-specific steering documents. See the agents guidance for details and recommended files:

  • See [AGENTS.md](AGENTS.md) β€” look for the Optional: steering docs section describing .kiro/steering/ and front-matter usage.

Create a minimal set under .kiro/steering/ to influence assistant behavior (e.g., project-standards.md, git-workflow.md, development-environment.md).

More from this repository10

🎯
codeql-database-building🎯Skill

Builds comprehensive CodeQL security analysis databases for Go, Python, and JavaScript codebases in a single automated workflow.

🎯
commit-batching🎯Skill

Batches and commits multiple staged files with a single, auto-generated descriptive commit message based on the changes.

🎯
obsidian-markdown🎯Skill

Generates and edits Obsidian Flavored Markdown with wikilinks, embeds, callouts, and custom metadata.

🎯
promptfoo-evaluation🎯Skill

Validates and compares LLM outputs through structured Promptfoo evaluations, enabling automated testing and quality assessment across different models and prompts.

🎯
semgrep-rule-creator🎯Skill

Generates precise, testable Semgrep rules to detect security vulnerabilities and code patterns with comprehensive validation.

🎯
security🎯Skill

Conducts comprehensive security audits by scanning code for critical vulnerabilities, prioritizing high-impact risks with detailed exploit paths and remediation guidance.

🎯
skill-installer🎯Skill

Installs Codex skills from curated, experimental, or custom GitHub repositories with easy-to-use helper scripts.

🎯
docs-cleaner🎯Skill

Cleans and consolidates redundant documentation files, preserving all valuable content while dramatically reducing total document lines.

🎯
brainstorming🎯Skill

Collaboratively explores and refines project ideas through structured questioning, design exploration, and iterative validation.

🎯
prompt-optimizer🎯Skill

Optimizes prompts by analyzing and refining input to improve AI model performance and response quality.