Skill | Added | Review |
|---|---|---|
dancon-owasp10-review Parallel OWASP Top 10:2025 security review of a web application codebase using 10 specialist agents. Trigger whenever the user asks for a security review, security audit, OWASP review, vulnerability assessment, code security scan, or threat analysis of a web app codebase. Also trigger on mentions of "OWASP Top 10", "security vulnerabilities", "code audit", "AppSec", or requests to check code for injection, XSS, access control, auth, or crypto issues. Trigger for casual requests like "is my code secure?", "check for vulnerabilities", or "any security issues?". Launches 10 parallel agents (one per OWASP category) producing a report with context-sensitive remediations. Secrets found are flagged but always shown as REDACTED. | 88 1.87x Agent success vs baseline Impact 92% 1.87xAverage score across 3 eval scenarios Securityby  Passed No known issues Reviewed: Version: 99b52ce | |
dancon-error-handling Scan a codebase for missing or inadequate security-aware error handling and propose context-appropriate fixes. Use when the user asks to audit, review, scan, or check error handling in code; mentions "error handling audit", "exception handling review", "security error handling"; uploads a codebase wanting a security review focused on error handling; or says things like "find missing try/catch", "check for unhandled exceptions", "detect empty catch blocks", "identify information leakage in error messages", or "make my error handling more secure". | 94 1.31x Agent success vs baseline Impact 97% 1.31xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 99b52ce | |
dancon-cwe25-review Perform a comprehensive code security review against the 2025 MITRE CWE Top 25 Most Dangerous Software Weaknesses (sourced from https://cwe.mitre.org/top25/). Use this skill every time the user asks for a code security review, security audit, vulnerability scan, CWE review, secure code review, source review, or any variant of "check my code for security issues". This skill runs 25 dedicated analysis passes -- one per CWE in the Top 25 -- each focused on finding ALL instances of its assigned weakness across the entire codebase. Results are risk-ranked from highest to lowest and every finding includes a specific, actionable remediation recommendation grounded in good software security engineering practice and principles. | 90 2.78x Agent success vs baseline Impact 92% 2.78xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 99b52ce | |
dancon-input-validation Scan a codebase to find every instance of missing or inadequate input validation for data from external or untrusted sources, then propose context-appropriate fixes using whitelisting, regex, type coercion, size/range checks, encoding, etc. Use whenever the user asks to audit, review, or harden input validation in any codebase regardless of language. Trigger on: "check my inputs", "find injection risks", "validate user input", "security audit inputs", "input sanitisation review", "taint analysis", "harden my API inputs", "check for missing validation", "is my app safe from injection?". Platform- and language-independent. | 88 1.15x Agent success vs baseline Impact 90% 1.15xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 99b52ce | |
dancon-secure-cfworker Generate secure Cloudflare Worker code in TypeScript that avoids all weaknesses covered by OWASP Top 10 (2025) and CWE Top 25 (2025). Use this skill whenever the user asks to create, write, scaffold, or generate a Cloudflare Worker, CF Worker, edge function, or serverless function on Cloudflare. Also trigger when the user asks to build a secure API, secure endpoint, secure webhook handler, or any TypeScript code targeting the Workers runtime. Always use this skill over generic code generation when the target is Cloudflare Workers. | 92 1.33x Agent success vs baseline Impact 100% 1.33xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 35afae9 | |
dancon-secure-coder-go ALWAYS use this skill whenever generating, writing, reviewing, editing, or modifying Go (.go) code in any context. This skill ensures all generated Go code avoids the CWE Top 25 2025 weaknesses that apply to Go, and that every piece of Go code includes appropriate input validation, thorough error handling, and safe error messages that never leak passwords, tokens, API keys, or other secrets. The Go `unsafe` package is absolutely prohibited and must never appear in generated code. Trigger on ANY Go code generation -- there are no exceptions. Even trivial examples and one-off snippets must follow these rules. If the user asks for Go code, read this skill first. | 87 1.14x Agent success vs baseline Impact 94% 1.14xAverage score across 3 eval scenarios Securityby Passed No known issues Reviewed: Version: 9d79cb6 |