Reduce risk

Security and compliance skills for agents

Explore skills for vulnerability checks, secret scanning, dependency review, policy validation, and security-aware automation.

Try this task

I need my agent to scan a project for security risks and summarize what needs attention.

18
Matched
18
Strong trust
18
Install ready
12
Auto allowed
18
500+ stars

Agent should be able to

  • +Inspect risky files
  • +Prioritize findings
  • +Explain remediation steps

Resolve

Let the agent pick

Returns the best skill, alternatives, install handoff, risk summary, and safety gate.

Text plan

LLM-readable output

Plain text version for Codex, Claude Code, Cursor, and custom agent runtimes.

Browse

Human shortlist

Open the filtered registry view for this workflow and compare candidates manually.

Workflow map

What to build with these skills

01

Scan dependencies

02

Find exposed secrets

03

Review security findings

04

Prepare audit notes

Best first installs

Start with high-signal skills

18 matched skills

Lynis

VERIFIED

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

16K stars90 trust92 auditREVIEWED

Install

Agent install candidate

Risk

Safe to try

Agent fit

Claude Code + CLI

Updated

May 11, 2026

$ npx skills add CISOfy/lynis

Vuls

VERIFIED

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

12K stars92 trust94 auditVERIFIED

Install

Agent install candidate

Risk

Safe to try

Agent fit

Claude Code + CLI

Updated

Jun 12, 2026

$ npx skills add future-architect/vuls

Osv Scanner

VERIFIED

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

11K stars93 trust95 auditVERIFIED

Install

Agent install candidate

Risk

Safe to try

Agent fit

Claude Code + CLI

Updated

Jun 20, 2026

$ npx skills add google/osv-scanner

Skill shortlist

More options for this use case

Browse full marketplace

Brakeman

developmentCoding

A static analysis security vulnerability scanner for Ruby on Rails applications

Review before production · Review the audit page, then allow agent install in a sandboxed workflow.

7.2K stars87 trust92 audit76 safety

Nuclei

securityCoding

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

29K stars93 trust95 audit87 safety

Grype

developmentCoding

A vulnerability scanner for container images and filesystems

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

13K stars90 trust94 audit86 safety

Opa

securityCoding

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

12K stars92 trust95 audit87 safety

Kubescape

devopsCoding

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

11K stars93 trust95 audit87 safety

Immudb

legal-complianceLegal

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

Review before production · Review the audit page, then allow agent install in a sandboxed workflow.

9.0K stars86 trust90 audit70 safety

Kyverno

securityLegal

Unified Policy as Code

Low metadata risk · Review the audit page, then allow agent install in a sandboxed workflow.

7.8K stars91 trust94 audit78 safety

Skills

agent-skillsResearch

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

5.8K stars92 trust95 audit87 safety

Commix

securityCoding

Automated All-in-One OS Command Injection Exploitation Tool

Review before production · Require human approval before installing into a real workspace.

5.8K stars86 trust91 audit63 safety

Nettacker

securityCoding

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

5.3K stars92 trust94 audit86 safety

Cookieconsent

legal-complianceLegal

:cookie: Simple cross-browser cookie-consent plugin written in vanilla js

Low metadata risk · Review the audit page, then allow agent install in a sandboxed workflow.

5.6K stars87 trust91 audit79 safety

App Privacy Policy Generator

legal-complianceLegal

Generate a customized Privacy Policy and Terms of Use document for your mobile apps

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

4.6K stars90 trust93 audit85 safety

Afrog

securityCoding

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

4.3K stars88 trust92 audit84 safety

Caddy

legal-complianceLegal

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

Low metadata risk · Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

73K stars90 trust94 audit86 safety

Emba

securityCoding

EMBA - The firmware security analyzer

Low metadata risk · Require human approval before installing into a real workspace.

3.5K stars86 trust92 audit64 safety

FAQ

How to choose skills for this workflow

These answers are written for both human builders and agents consuming the Registry API.

What are the best AI agent skills for security and compliance?

Start by comparing Lynis, Vuls, Osv Scanner. OpenAgentSkill ranks them by workflow fit, GitHub adoption, trust score, safety gate, and install readiness.

Can an AI agent use this page directly?

Yes. Use the linked Registry API prompt to query /api/skills/search with the task: "I need my agent to scan a project for security risks and summarize what needs attention." and retrieve install handoff links for the top results.

Should I install every recommended skill?

No. Start with the highest-fit skill, test it in a sandbox workflow, and add companion skills only when the task needs extra coverage.