Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code

Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities

This is the **deepsafe-scan** security scanner for AI agent environments.

dependency-vulnerability-checker

xss-vulnerability-scanner

network-security-scanner

vulnerability-report-generator

OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core.

OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core.

OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.

Symbolic execution analysis using Mythril for deep vulnerability detection in smart contracts. Supports configurable transaction depth, timeout settings, and proof-of-concept exploit generation.

Develop comprehensive risk management plans for collections and cultural venues including disaster preparedness, security protocols, and insurance coordination

Integration with security-focused static analysis tools

Scan .claude/ directory for security misconfigurations, exposed secrets, unsafe permissions

Systematic false positive verification for security findings. Provides structured methodology to confirm or dismiss scanner results, manual audit findings, and automated alerts. Adapted from Trail of Bits. Use when triaging security scan results or verifying audit findings.

Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.

>

Check code against security compliance standards and best practices.

Security audits, vulnerability analysis, and security best practices enforcement

Эксперт по политикам бэкапов. Используй для стратегий резервного копирования, retention rules и disaster recovery.

Execute systematic buffer overflow vulnerability discovery and exploitation against Windows applications to achieve remote code execution. This skill enables comprehensive fuzzing to identify crashes,

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Convert vulnerability reports into actionable patch plans.

Android APK decompiler that converts DEX bytecode to readable Java source code. Use when you need to decompile APK files, analyze app logic, search for vulnerabilities, find hardcoded credentials, or understand app behavior through readable source code.

Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.

Open source security audit for OpenClaw agents. 72 checks, verified findings, OWASP-mapped, community-maintained.

<!--