Best security and compliance skills for AI agents

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Excellent quality, 12K stars, and a 26 use-case fit score.

A static analysis security vulnerability scanner for Ruby on Rails applications

Excellent quality, 7.2K stars, and a 25 use-case fit score.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Excellent quality, 29K stars, and a 24 use-case fit score.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Excellent quality, 16K stars, and a 23 use-case fit score.

A vulnerability scanner for container images and filesystems

Excellent quality, 12K stars, and a 23 use-case fit score.

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Excellent quality, 12K stars, and a 23 use-case fit score.

Unified Policy as Code

Excellent quality, 7.8K stars, and a 22 use-case fit score.

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Excellent quality, 5.7K stars, and a 22 use-case fit score.

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

Excellent quality, 6.4K stars, and a 22 use-case fit score.

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Excellent quality, 2.7K stars, and a 21 use-case fit score.

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

Excellent quality, 22K stars, and a 20 use-case fit score.

337 Claude Code skills & agent skills & plugins (30+ Agents, 70+ custom commands, 330+ skills, customizable references, scripts)for Claude Code, Codex, Gemini CLI, Cursor, and 8 more coding agents — engineering, marketing, product, compliance, C-level advisory, research, business operations, commercial & finance, and your daily productivity skills.

Excellent quality, 18K stars, and a 20 use-case fit score.

🏛️ 三省六部制 · OpenClaw Multi-Agent Orchestration System — 9 specialized AI agents with real-time dashboard, model config, and full audit trails

Excellent quality, 16K stars, and a 20 use-case fit score.

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Excellent quality, 16K stars, and a 20 use-case fit score.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Excellent quality, 15K stars, and a 20 use-case fit score.

The ZAP by Checkmarx Core project

Excellent quality, 15K stars, and a 20 use-case fit score.

Vulnerability Static Analysis for Containers

Excellent quality, 11K stars, and a 20 use-case fit score.

The recursive internet scanner for hackers. 🧡

Excellent quality, 9.9K stars, and a 19 use-case fit score.

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Excellent quality, 9.6K stars, and a 19 use-case fit score.

A Kubernetes controller and tool for one-way encrypted Secrets

Excellent quality, 9.1K stars, and a 19 use-case fit score.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Excellent quality, 8.9K stars, and a 19 use-case fit score.

CloudNativePG is a comprehensive platform designed to seamlessly manage PostgreSQL databases within Kubernetes environments, covering the entire operational lifecycle from initial deployment to ongoing maintenance

Excellent quality, 8.8K stars, and a 19 use-case fit score.

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Excellent quality, 8.8K stars, and a 19 use-case fit score.

OneForAll是一款功能强大的子域收集工具

Excellent quality, 9.8K stars, and a 19 use-case fit score.

Bandit is a tool designed to find common security issues in Python code.

Excellent quality, 8.1K stars, and a 19 use-case fit score.

Agent skill that generates rich HTML pages or slide decks for diagrams, diff reviews, plan audits, data tables, and project recaps

Excellent quality, 8.7K stars, and a 19 use-case fit score.

Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.

Excellent quality, 6.8K stars, and a 19 use-case fit score.

Data pipelines for cloud config and security data. Build cloud asset inventory, CSPM, FinOps, and vulnerability management solutions. Extract from AWS, Azure, GCP, and 70+ cloud and SaaS sources.

Excellent quality, 6.4K stars, and a 19 use-case fit score.

Tfsec is now part of Trivy

Excellent quality, 7.0K stars, and a 19 use-case fit score.

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Excellent quality, 6.0K stars, and a 19 use-case fit score.