> browse/registry

> security-ownership-map

Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger only when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do not trigger for general maintainer lists or n

> security-threat-model

Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work.

> security-best-practices

Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.

> grc-messaging-guardrails

Validates compliance, security, and GRC terminology in marketing copy. Enforces accurate claims, prevents common mistakes (e.g., calling SOC 2 a "certification"), and applies risk-first narrative framing for B2B SaaS audiences. Use when writing or reviewing any marketing content that references compliance frameworks, security standards, regulatory requirements, or audit processes. Also use when creating ads, landing pages, emails, case studies, or sales collateral for GRC/cybersecurity B2B SaaS

> owasp-zap

Assists with finding security vulnerabilities in web applications using OWASP ZAP. Use when configuring automated scans, writing scan policies, integrating security scanning into CI/CD pipelines, or analyzing results for OWASP Top 10 vulnerabilities like XSS, SQL injection, and CSRF. Trigger words: owasp zap, security scan, vulnerability scanner, penetration testing, zap-baseline, active scan, passive scan.

> pentagi

Run AI-powered penetration testing with PentAGI. Use when a user asks to automate security testing, set up autonomous pentesting, deploy an AI-driven vulnerability scanner, build a self-hosted security testing platform, or conduct penetration tests with LLM-powered agents.

> burp-suite

Test web application security with Burp Suite. Use when a user asks to intercept HTTP traffic, test for web vulnerabilities, fuzz API endpoints, analyze authentication flows, or perform manual web application pentesting.

> aws-ec2

Launch and manage Amazon EC2 instances for scalable compute. Configure AMIs, security groups, key pairs, and EBS volumes. Set up auto-scaling groups for high availability and cost optimization across availability zones.

> gcp-firestore

Build real-time applications with Google Cloud Firestore. Model data with collections and documents, execute queries with composite indexes, set up real-time listeners for live updates, enable offline persistence, and write security rules for client-side access control.

> gobuster

Brute force directories, files, DNS subdomains, and virtual hosts with Gobuster. Use when a user asks to discover hidden endpoints, enumerate subdomains, find backup files, or perform web content discovery during penetration testing.

> metasploit

Exploit vulnerabilities with Metasploit Framework. Use when a user asks to exploit known CVEs, generate payloads, perform post-exploitation, pivot through networks, or build exploit chains in penetration tests.

> trivy

Scan containers, filesystems, and repos for vulnerabilities with Trivy. Use when a user asks to scan Docker images for CVEs, audit filesystem for secrets, check IaC for misconfigurations, or add security scanning to CI.

> falco

Expert guidance for Falco, the CNCF runtime security tool that detects anomalous behavior in containers and Kubernetes clusters using system call monitoring. Helps developers set up Falco for detecting shell spawns in containers, unexpected network connections, file access violations, and privilege escalation — all in real-time with zero application changes.

> database-schema-designer

Designs database schemas with proper normalization, indexing, constraints, and tenant isolation patterns. Use when someone needs to create a new database schema, add multi-tenant support, design row-level security policies, or optimize table structures. Trigger words: database schema, table design, RLS, row-level security, foreign keys, indexes, migrations, ERD, data model, normalization.

> spring-boot

Spring Boot is a Java framework that simplifies building production-ready applications. It provides auto-configuration, embedded servers, and opinionated defaults for REST APIs, data access with JPA, security, and monitoring via Actuator.

> grype

Expert guidance for Grype, the open-source vulnerability scanner by Anchore that finds known vulnerabilities (CVEs) in container images, filesystems, and SBOMs. Helps developers integrate Grype into CI/CD pipelines, triage findings, and combine it with Syft for SBOM generation.

> dns-record-analyzer

Audits and troubleshoots DNS records for domains including A, AAAA, CNAME, MX, TXT, SPF, DKIM, DMARC, CAA, and NS records. Use when someone needs to verify DNS configuration, debug DNS propagation issues, check email authentication records, or audit domain security. Trigger words: DNS records, dig, nslookup, SPF, DKIM, DMARC, MX records, DNS propagation, nameservers, CAA, domain configuration.

> snyk

Find and fix vulnerabilities in code and dependencies with Snyk. Use when a user asks to scan for security vulnerabilities, audit npm packages, check Docker images for CVEs, or integrate security into CI/CD.

> dependency-updater

Audit project dependencies for outdated packages, security vulnerabilities, and breaking changes. Use when someone asks to "check for outdated packages", "audit dependencies", "find vulnerable dependencies", "plan dependency upgrades", "detect breaking changes", or "update npm packages safely". Analyzes package.json/lock files, cross-references changelogs, and produces ordered upgrade plans.

> webhook-security

Secure webhook endpoints. Use when a user asks to verify webhook signatures, prevent replay attacks, handle webhook retries, or implement secure webhook receivers for Stripe, GitHub, Slack, or any provider.