Auth, encryption, vulnerability scanning, and compliance
48 boosters
Heuristic scoring (no AI key configured).
A security-focused prompt booster for .NET/ASP.NET Core development that enforces OWASP best practices and CWE mitigation in AI-generated code across Claude, Cursor, and Copilot. Developers building secure .NET applications benefit from automated security guardrails embedded in their coding workflow.
A Cursor rules booster that guides AI to prefer Bun as the default runtime and build tool over Node.js, npm, and other alternatives, with specific API recommendations. Developers using Bun in their projects benefit from consistent AI suggestions aligned with their tooling preferences.
A specialized Kubernetes expert agent that provides comprehensive cluster management, workload orchestration, and production operations guidance aligned with Kubernetes 1.31+ and 2025 CNCF standards. Ideal for DevOps engineers, platform teams, and SREs managing enterprise-grade Kubernetes deployments.
kube-audit-kit is a read-only Kubernetes security auditing skill that exports cluster resources, sanitizes metadata, and generates PSS/NSA-compliant audit reports. DevOps engineers and security teams use it to perform compliance reviews and identify security misconfigurations without cluster modification.
An AI-powered code review agent that automatically analyzes code changes for quality, security, and maintainability issues, providing prioritized feedback with specific fixes. Ideal for developers seeking proactive code quality assurance and security vetting in their workflows.
A system protection agent that identifies vulnerabilities, implements security measures, and ensures compliance with security standards across application, infrastructure, and data domains. Developers and security teams benefit from automated threat assessment and security control implementation.
MUST BE USED when starting new projects or planning major changes. This agent specializes exclusively in system architecture design - creating scalable, maintainable designs while evaluating trade-offs between performance, security, and business constraints. Automatically designs architecture for greenfield projects, evaluates refactoring approaches, selects appropriate technologies, and documents architectural decisions with clear rationale.
A code review skill that validates pull requests across multiple languages (Python, JavaScript, TypeScript, React) against acceptance criteria, checking correctness, security, maintainability, and test coverage. Developers and code reviewers use this to ensure quality and consistency before merging.
Code Review Analyzer is a comprehensive code review skill that examines code for best practices, bugs, security issues, and optimization opportunities. It's valuable for developers seeking thorough code analysis before merging pull requests or improving existing codebases.
This Windsurf Rules booster provides a structured framework for bootstrapping secure AWS IAM roles for GitHub Actions OIDC integration, eliminating static credentials through CloudFormation templates and enforcing least-privilege access patterns. It benefits DevOps engineers and security teams seeking to automate and standardize CI/CD authentication across multiple repositories.
Web vulnerability assessment
Enterprise-grade MCP server that integrates Cloudflare APIs with Claude, enabling developers to programmatically manage Cloudflare infrastructure and services while maintaining NIST 800-53/FedRAMP High compliance standards.
Binary exploitation analysis
Reverse engineering workflow
A Windsurf rules file that enforces Kubernetes manifest organization standards (flat structure, single-file resources, strict naming conventions) to keep K8s projects clean and maintainable. Developers managing Kubernetes deployments benefit from automated consistency checks and clear structural guidelines.
PEP 8, type hints, design patterns, performance optimization, and security best practices for production-ready Python.
Scribe is a technical writing booster that helps security auditors produce formal, objective audit reports and issue documentation with consistent style and structure. It benefits security professionals and code auditors who need to draft findings, issue reports, and system overviews.
A security-hardened Chrome DevTools Protocol MCP server enabling safe browser automation with post-quantum encryption and credential vault protection. Ideal for developers building AI agents that need secure, automated browser control.
A Windsurf-specific security framework for detecting and testing OWASP LLM Top 10 vulnerabilities in LLM applications, with AWS integration and CI/CD automation. Ideal for security engineers and LLM developers building production-grade applications.
Tinman provides systematic security auditing and hardening guidance for OpenClaw projects and system infrastructure, helping developers identify and remediate security risks across credentials, tokens, SSH, and firewall configurations.
A comprehensive MongoDB security and administration agent that teaches and implements authentication methods (SCRAM/X.509/LDAP), role-based access control, encryption, and enterprise compliance strategies. Ideal for developers and DBAs securing MongoDB deployments in production environments.
A Windsurf rules framework for enterprise AWS Cedar authorization with shift-left security practices, policy validation, and automated CI/CD enforcement. Benefits security teams, platform engineers, and developers implementing least-privilege access controls.
An agent that automates npm SDK package lifecycle management including publishing, dependency audits, and security checks for the @rockfridrich/villa-sdk package. Useful for SDK maintainers and teams managing package releases.
A specialized forensics analyst agent for investigating security incidents, analyzing malware, and collecting evidence from compromised systems. Ideal for security engineers, incident responders, and system administrators handling breach investigations.
An expert agent for penetration testing and vulnerability assessment that helps security professionals conduct authorized red team operations and identify security weaknesses. Ideal for security engineers, penetration testers, and organizations needing structured ethical hacking guidance.
Security architecture, authentication, authorization, encryption, and compliance - Cyber Security, HIPAA, GDPR aligned with security roadmap roles
AI-powered code auditing via MCP using local Ollama models for security, performance, and quality analysis
Expert in security compliance, governance, and regulatory frameworks. Specializes in implementing and auditing security controls per industry standards.
A security-focused MCP server that automatically scans projects for common vulnerabilities like XSS and injection attacks, helping developers identify and fix security issues early in development.
A specialized Docker agent that optimizes container images for security and performance, helping developers build lightweight, secure Dockerfiles and multi-stage deployments. Ideal for DevOps engineers and backend developers seeking container best practices.
World-class expert in decentralized finance architecture, cryptoeconomics, and protocol security. Invoke for complex DeFi system design, game-theoretic analysis, economic attack modeling, MEV mitigation, and novel financial primitive construction requiring deep economic and cryptographic expertise.
Delphi is a strategic technical advisor agent that helps engineers make complex architecture decisions and resolve persistent technical problems through deep analysis of security, performance, and system tradeoffs. It's designed for senior developers and architects facing multi-system design challenges or repeated failed fix attempts.
A DevOps specialist agent that automates CI/CD pipelines, infrastructure provisioning, and deployment workflows across cloud platforms. Ideal for teams seeking to streamline infrastructure management, security hardening, and deployment optimization.
The Dynatrace Expert Agent automates observability and security analysis within GitHub workflows, helping development teams investigate incidents, detect performance regressions, and manage vulnerabilities without leaving their repository. It benefits DevOps engineers, security teams, and developers working with Dynatrace-monitored applications.
An API security audit specialist agent that helps developers identify and fix vulnerabilities in REST APIs, including authentication flaws, injection attacks, and compliance issues. Ideal for security-conscious development teams and API developers seeking proactive vulnerability assessment.
A security-focused agent that guides developers through application security, authentication, authorization, and compliance best practices for cloud-native applications. Ideal for teams building secure AI applications who need expert security guidance integrated into their development workflow.
This Windsurf rules booster provides a structured framework for bootstrapping secure AWS IAM roles for GitHub Actions OIDC integration, eliminating static credentials and enforcing least-privilege access through automated CloudFormation templates. It's ideal for DevOps engineers and security-conscious teams managing multiple GitHub repositories with AWS infrastructure.
Access crowdsourced forecasting data from RAND's Forecasting Initiative for policy-relevant predictions on geopolitics, national security, and S&T policy. Ideal for developers building forecasting tools, decision-support systems, or needing calibrated base rates for predictions.
A security testing mindset booster that helps developers identify vulnerabilities like economic exploits, workflow bypasses, and privilege escalation attacks in APIs and payment systems. Ideal for security engineers, QA specialists, and developers performing security audits.
A specialized Docker optimization agent that helps developers build secure, lightweight container images through Dockerfile optimization, security hardening, and multi-stage build design. Ideal for DevOps engineers and developers seeking to improve container deployment practices.
Heuristic scoring (no AI key configured).
A modular framework for building security-focused AI agents (Detection, Advisor, Quality) that integrate with MCP servers and multiple LLM providers. Developers building security automation tools and threat analysis pipelines benefit from its extensible architecture and shared tooling.
A cybersecurity specialist agent that performs security assessments, vulnerability analysis, and compliance auditing across applications and infrastructure. Developers, security teams, and DevOps engineers benefit from automated security reviews and threat identification.
Madhu is a specialized code reviewer agent for Youth Coach Hub's Next.js/React SaaS platform that performs code reviews, architecture assessments, security audits, and pattern compliance checks. It benefits development teams building or maintaining this specific football coaching application.
Multi‑agent AI security testing framework that orchestrates red‑team analyses, consolidates findings with an arbiter, and records an immutable audit ledger—plus a deterministic demo mode for repeatable results.
A specialized security auditing agent that automatically scans code, configurations, and dependencies for vulnerabilities and provides actionable remediation guidance. Essential for developers, security teams, and DevOps engineers seeking automated vulnerability detection and compliance assessment.
Momus is a quality gate agent that validates code and research outputs before deployment, running automated checks for tests, linting, security issues, and anti-patterns. Developers and teams use it to ensure production-ready code and research meet quality standards before approval.
