agent

与 AI 智能体协作进行智能体开发时的通用原则。涵盖分而治之、上下文管理、抽象层级选择等……

当用户要求“测试此网站”、“运行探索性测试”、“检查无障碍问题”、“验证登录流程……”时，应使用此技能。

agent-governance — 一个可安装的 AI 智能体技能，由 github/awesome-copilot 发布。

高效使用 n8n-mcp MCP 工具的专家指南。适用于搜索节点、验证配置、获取模板、管理工作流……

运行具备可观测性、安全边界和生命周期管理的长期运行智能体工作负载。

配置和管理 GitHub Dependabot 的综合指南。当用户询问有关创建或优化 dependabot.yml 文件、管理 Dependabot 拉取请求、配置依赖项更新策略、设置分组更新、monorepo 模式、多生态系统分组、安全更新配置、自动分类规则，或任何与 Dependabot 相关的 GitHub Advanced Security (GHAS) 供应链安全主题时，请使用此技能。对于通过 GitHub MCP Server 在 AI 编码代理中进行 pre-commit 依赖项漏洞扫描，此技能会引用 Advanced Security 插件 (`advanced-security@copilot-plugins`)。当代理需要在提交前扫描依赖项的已知漏洞时，请使用此技能。

强化代码以防范漏洞。适用于处理用户输入、身份验证、数据存储或外部集成。适用于构建任何……的功能。

Run multi-judge consensus.

Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or…

证据优先的 ECC 工具消耗与账单审计工作流。在调查 PR 激增创建、配额绕过、高级模型泄漏、重复作业或……时使用。

Audit and harden hosts running OpenClaw for SSH, firewall, updates, exposure, cron checks, and risk posture.

Security audit guidelines for web applications and REST APIs based on OWASP Top 10 and web security best practices. Use when checking code for vulnerabilities,…

Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on…

根据 OWASP Agentic Security Initiative (ASI) Top 10 风险检查任意 AI agent 代码库。在以下场景使用此技能： - 生产部署前评估 agent 系统安全态势 - 针对 OWASP ASI 2026 标准运行合规检查 - 将现有安全控制映射到 10 项 agentic 风险 - 生成安全审查或审计用的合规报告 - 对比 agent 框架安全特性与标准差异 - 处理类似"我的 agent 是否符合 OWASP 标准"、"检查 ASI 合规性"或"agentic 安全审计"的请求

Agent memory management — cloud backup, restore, and local vector search of .md memory files

Manage Elasticsearch RBAC: native users, roles, role mappings, document- and field-level security. Use when creating users or roles, assigning privileges, or mapping external realms like LDAP/SAML.

Diagnose and resolve Elasticsearch security errors: 401/403 failures, TLS problems, expired API keys, role mapping mismatches, and Kibana login issues. Use when the user reports a security error.

Enable, configure, and query Elasticsearch security audit logs. Use when the task involves audit logging setup, event filtering, or investigating security incidents like failed logins.

Enable and configure Kibana audit logging for saved object access, logins, and space operations. Use when setting up Kibana audit, filtering events, or correlating Kibana and ES audit logs.

Creates Elastic Cloud Serverless projects (Elasticsearch, Observability, or Security) via the REST API, saves credentials to file, and bootstraps a scoped Elasticsearch API key. Use when creating a new serverless project, provisioning a search or observability environment, or spinning up a new Elastic Cloud project.