Catalog
Every x402, MPP, MCP, and skill listing we've indexed, normalized, and enriched.
Scan repositories for Shai-Hulud 2.0 supply-chain indicators with the detector action
Check repositories and CI surfaces for Shai-Hulud 2.0 compromise indicators when the task is targeted supply-chain triage, not generic malware scanning.
Scan repositories for AI supply-chain and agent-security risks with Medusa Security
Use Medusa Security before trusting a repository, dependency, or AI-agent codebase when an agent needs a focused scan for repo poisoning, prompt-injection, MCP, and AI supply-chain findings.
Scan Python code for risky security patterns with Bandit before review or release
Catch insecure Python calls, weak crypto usage, shell injection risks, and similar patterns before merge or release.
Scan MCP servers for security findings before connecting them to agents with MCP Scanner
Run MCP Scanner against a remote or local MCP server before trusting it, so the agent gets a bounded security review of tools, prompts, resources, dependencies, and supply-chain risk.
Scan LLM systems for jailbreaks, prompt injections, and unsafe behaviors with garak
Probe a model or agent stack with adversarial test suites so safety failures show up before deployment or review.
Scan LLM-generated code before use with CodeShield
Run CodeShield on model-produced code or command suggestions before they reach a user, a repo, or an execution step, so insecure patterns get blocked or warned on first.
Scan Kubernetes clusters and manifests for security posture drift with Kubescape
Run Kubernetes security and compliance scans against manifests or live clusters before rollout or audit.
Scan images filesystems and SBOMs for end-of-life software before unsupported components ship with Xeol
Find packages that are out of support even when they do not show up as a classic CVE finding yet.
Scan Claude Code configs for secrets permission drift and unsafe MCP hookups with AgentShield
Audit a Claude Code setup before use by flagging hardcoded secrets, broad allow rules, risky hooks, and dangerous MCP server config.
Scan C and C++ code with Flawfinder for risky function patterns before review
Run a fast secure-code triage pass over C and C++ sources before manual review or remediation planning begins.
Scan agentic codebases for exposed tools MCP usage and mapped security findings with Agentic Radar
Generate a reviewable security report for a supported agent workflow before deployment by scanning its code, tools, MCP usage, and known vulnerability surface.
Scan agent workflows for tools, MCP exposure, and adversarial risk with Agentic Radar
Use Agentic Radar to statically scan agent workflows, map tools and MCP servers, generate shareable security reports, and optionally run adversarial runtime tests before rollout.
Scan agent skill folders for risky patterns and missing safeguards before sharing or deployment with Cisco Skill Scanner
Run a pre-trust security pass over skill packs and prompt bundles before they get shared, merged, or deployed.
Scan agent repos for repo-poisoning, unsafe AI config files, and MCP attack surfaces with MEDUSA
Run a focused preflight scan over agent and MCP repositories to catch poisoned instruction files, dangerous configs, and AI-specific supply-chain risks before merge or deployment.
Scalar OpenAPI Reference and API Client Platform
Scalar is an open-source API platform for publishing modern OpenAPI references and testing endpoints with a built-in API client. It fits agent workflows that need readable API docs, interactive request testing, and framework-friendly integrations across many stacks.
Scaffold and bundle rich single-file web artifacts with React, Tailwind, and shadcn/ui
Use Anthropic's web-artifacts-builder skill to scaffold a React artifact project, build a richer interface with state or routing, and bundle everything into one shareable HTML file. It is for artifact-delivery workflows, not for listing React or Tailwind as standalone products.
SBOM Vulnerability Scanner
Generates Software Bill of Materials using Syft and scans for CVEs with Grype. Cross-references findings against the NVD and OSV databases for comprehensive vulnerability detection.
SBOM Generator with CycloneDX
Generates Software Bill of Materials in CycloneDX 1.5 format using cdxgen and syft. Enriches component data with license detection from clearlydefined.io and vulnerability cross-referencing via OSV.dev.
SBOM Generator and CVE Matcher
Generates Software Bill of Materials using Syft for container images and matches components against the NVD CVE database via OSV.dev API. Outputs CycloneDX and SPDX formats for supply chain compliance.
Satori HTML and CSS to SVG Image Generator by Vercel
Satori is a high-performance library by Vercel that converts HTML and CSS markup into SVG images. It powers Open Graph image generation for dynamic social cards, blog previews, and branded assets using a JSX-like API with full Flexbox layout support and custom font rendering.
SAST Rule Compiler for Semgrep
Compiles and validates custom Semgrep SAST rules using the semgrep-core engine. Tests pattern matching against sample codebases and generates rule performance benchmarks with p/ci rulesets.
SAST Pipeline Scanner
Runs static application security testing using Semgrep rules and CodeQL queries against pull request diffs. Supports SARIF output format and integrates with GitHub Advanced Security for findings management.
Sanity Structured Content Studio and Content Lake
Sanity combines a customizable content studio with a real-time content backend and GROQ-powered querying. This skill helps agents model schemas, manage content operations, and work against Sanity datasets with structured, API-first workflows.
Sanitize untrusted HTML fragments before rendering previews, comments, or CMS content with DOMPurify
Use DOMPurify when an agent must accept HTML from users, rich text editors, imports, or model output but cannot safely render it as-is. The skill strips dangerous markup and unsafe attributes before the content is shown in previews, stored in CMS fields, or embedded in downstream