Alternatives
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
$ npx skills add MobSF/Mobile-Security-Framework-MobSFThe OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
$ npx skills add OWASP/mastgRadare2 and Frida better together.
$ npx skills add nowsecure/r2fridaA powerful C# Roslyn analyzer that uses static analysis to detect bugs, surface security issues, and enforce best practices—helping developers and AI write more reliable code.
$ npx skills add meziantou/Meziantou.AnalyzerHorusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
$ npx skills add ZupIT/horusecA Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
$ npx skills add Konloch/bytecode-viewerA tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
$ npx skills add uber/NullAwayA vulnerability scanner for container images and filesystems
$ npx skills add anchore/grypeVulnerability Static Analysis for Containers
$ npx skills add quay/clair🚀Optimizer for mobile applications
$ npx skills add didi/boosterGo security checker
$ npx skills add securego/gosecCodebase intelligence for TypeScript and JavaScript. Free static layer: unused code, duplication, circular deps, complexity hotspots, architecture boundaries. Optional paid runtime layer: hot-path review and cold-path deletion evidence from real production traffic. Rust-native, sub-second, zero-config framework support.
$ npx skills add fallow-rs/fallowCLI tool and library for generating a Software Bill of Materials from container images and filesystems
$ npx skills add anchore/syftStaticcheck - The advanced Go linter
$ npx skills add dominikh/go-tools🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
$ npx skills add mgechev/revivemobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
$ npx skills add MobSF/mobsfscanHow to choose
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Insider if it already passes your workflow test and repository review.
Next step
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.