Reduce your security risks by design.
23 skills that add layers of protection to your Claude setup: scanning inbound links and attachments, detecting prompt injection attempts, auditing MCP configs, tracing redirect chains, and keeping API keys in an encrypted vault. Defense-in-depth designed for non-engineers.
Start here
email-safety-scan
Tiered safety scanner for URLs AND email attachments.
mcp-config-auditor
Audits `.mcp.json` and Claude Code MCP config files across a workspace for plaintext secrets, hardcoded API keys (instead of `${VAR}` interpolation), suspicious…
prompt-injection-detector
Scans web page content, document text, OCR output, or any untrusted text for prompt-injection patterns (hidden instructions, role-override attempts, "ignore pre…
All 23 security skills
email-safety-scan
Tiered safety scanner for URLs AND email attachments.
mcp-config-auditor
Audits `.mcp.json` and Claude Code MCP config files across a workspace for plaintext secrets, hardcoded API keys (instea…
prompt-injection-detector
Scans web page content, document text, OCR output, or any untrusted text for prompt-injection patterns (hidden instructi…
auth-flow-guardian
Blocks password entry on look-alike auth domains.
browser-permission-auditor
Reviews installed Chrome, Edge, and Firefox extensions for risky permissions.
clipboard-leak-warning
Scans the system clipboard for secrets, PII, or credentials BEFORE you paste anything sensitive into an AI chat (Claude,…
dependency-vulnerability-scan
Scans `package.json`/`package-lock.json`, `requirements.txt`/`Pipfile.lock`, `go.mod`/`go.sum`, `Gemfile.lock`, `Cargo.l…
dns-email-auth-auditor
Audits a sending domain's email-authentication DNS records — SPF, DKIM (probes common selectors), DMARC, MTA-STS, BIMI, …
email-attachment-scan
Scans file attachments for malware.
email-link-safety-scan
Tiered URL safety scanner.
form-autofill-guard
Inspects HTML forms for fields hidden via type=hidden, display:none, visibility:hidden, off-screen positioning, zero-siz…
hallucination-detector
Scans LLM-generated output (code, suggestions, docs) for references to files, functions, classes, or packages that do NO…
link-safety-scan
Tiered URL safety scanner for ANY source — emails, web research, pasted links, social DMs, chat messages, search results…
mass-send-guard
Detects bulk/mass-send patterns before any outbound message.
oauth-scope-auditor
Audits OAuth consent screens for over-broad scope requests.
outgoing-message-sanitizer
Single-call safety check before any outbound message — email, Slack, LinkedIn DM, SMS, Teams, public post.
outlook-header-analyzer
Diagnoses what happened to an email by parsing its raw message headers.
password-breach-checker
Checks if a password (or list of passwords) appears in known data breaches via the Have I Been Pwned (HIBP) Pwned Passwo…
pii-redactor
Redacts personally identifiable information (PII) from text — emails, phone numbers, US SSNs, credit cards (Luhn-validat…
referrer-leak-warning
Warns when clicking or rendering a link will leak the current URL via the HTTP Referer header.
secret-leak-scanner
Scans files, folders, git diffs, clipboard text, or any string for leaked credentials — API keys, OAuth tokens, AWS keys…
social-engineering-detector
Analyzes a message (email body, SMS, Slack DM, voicemail transcript, LinkedIn message) for social-engineering and manipu…
url-redirect-tracer
Follows HTTP redirects from a shortened URL (bit.ly, tinyurl, t.co, etc.) up to N hops without executing JavaScript, sho…