Found 2,247 Skills
Sets up notification channels for CloudWatch alarms using SNS topics and subscriptions. Always use this skill when configuring alarm notifications — it creates encrypted SNS topics, configures topic policies for CloudWatch access, sets up email/SMS/webhook subscriptions, and links alarms to notification actions with proper security controls.
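Two of the controls named above, the topic policy that lets CloudWatch publish and the key policy for an encrypted topic, are where these setups most often go wrong: a Publish grant to the cloudwatch.amazonaws.com service principal with no source condition lets any AWS account's alarms post to your topic, and a customer-managed KMS key that does not grant CloudWatch use of the key makes alarm delivery fail silently. The following is an added illustration, not the skill's own code or AWS SDK code; the account ID, region and topic ARN are placeholders, and the audit function encodes the checks described here rather than any AWS tool.

```python
"""Build and audit the policies that connect CloudWatch alarms to an encrypted
SNS topic. Added example; identifiers below are placeholders, not real resources."""
from typing import List


def cloudwatch_topic_policy(topic_arn: str, account_id: str, region: str) -> dict:
    """SNS topic policy: only CloudWatch alarms from this account and region
    may publish. The Condition block is what prevents a confused-deputy
    publish from another account's alarms via the same service principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudWatchAlarmsPublish",
                "Effect": "Allow",
                "Principal": {"Service": "cloudwatch.amazonaws.com"},
                "Action": "SNS:Publish",
                "Resource": topic_arn,
                "Condition": {
                    "StringEquals": {"aws:SourceAccount": account_id},
                    "ArnLike": {
                        "aws:SourceArn": f"arn:aws:cloudwatch:{region}:{account_id}:alarm:*"
                    },
                },
            }
        ],
    }


def cloudwatch_kms_statement() -> dict:
    """Statement to add to the customer-managed key policy of the key that
    encrypts the topic. Without GenerateDataKey/Decrypt for CloudWatch the
    alarm action is accepted but no message is ever delivered."""
    return {
        "Sid": "AllowCloudWatchUseOfTopicKey",
        "Effect": "Allow",
        "Principal": {"Service": "cloudwatch.amazonaws.com"},
        "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
        "Resource": "*",
    }


def audit_topic_policy(policy: dict) -> List[str]:
    """Flag Allow statements that grant Publish too broadly: a wildcard
    principal, or a service principal without a source-scoping condition."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a.lower() in ("sns:publish", "sns:*", "*") for a in actions):
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: Publish allowed for Principal * (anyone)")
            continue
        condition_keys = {k.lower() for block in st.get("Condition", {}).values() for k in block}
        if not condition_keys & {"aws:sourceaccount", "aws:sourcearn"}:
            findings.append(f"{sid}: service-principal Publish without aws:SourceAccount/aws:SourceArn condition")
    return findings


# Constructed inputs: a hardened policy and a typical over-broad one.
GOOD_POLICY = cloudwatch_topic_policy(
    "arn:aws:sns:us-east-1:111122223333:alarm-notifications", "111122223333", "us-east-1")
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnyCloudWatch",
        "Effect": "Allow",
        "Principal": {"Service": "cloudwatch.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:us-east-1:111122223333:alarm-notifications",
    }],
}
```

Once the topic carries the hardened policy, the alarm is linked by passing the topic ARN in the alarm's AlarmActions (and OKActions, if recovery notices are wanted) when the alarm is created; running audit_topic_policy over every topic policy in an account before that step catches the unconditioned grants the text warns about.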
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
Read a GitHub Issue, create a detailed plan in `_/local-plans/<issue-number>-<slug>.md`, and implement the code **after user approval**. After implementation, perform a security review (OWASP Top 10) → run tests → commit using Conventional Commits. Used for implementation requests where an Issue number or URL is provided, such as "Implement Issue #N" or "Start working on this Issue".
Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.
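Exported-component analysis is the first step of the attack-surface review above, and the subtle part is the implicit default: before targetSdkVersion 31, a component that declares an intent-filter but no android:exported attribute is exported, and a content provider without the attribute is exported only when targeting below API 17. The script below, an added example rather than the skill's or Drozer's code, applies those rules to a constructed manifest, lists the components any app can reach without holding a permission, and emits the adb command that probes each one; the package and component names are invented for the illustration.

```python
"""Enumerate exported Android components and emit probe commands.
Added example; SAMPLE_MANIFEST is constructed and the package is fictional."""
import xml.etree.ElementTree as ET
from typing import Dict, List

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
KINDS = ("activity", "activity-alias", "service", "receiver", "provider")

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.target">
  <uses-sdk android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="https" android:host="example.com"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SyncReceiver">
      <intent-filter>
        <action android:name="com.example.target.SYNC"/>
      </intent-filter>
    </receiver>
    <service android:name=".AdminService" android:exported="true"
             android:permission="com.example.target.ADMIN"/>
    <provider android:name=".DataProvider" android:authorities="com.example.target.data"
              android:exported="true" android:grantUriPermissions="true"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
  </application>
</manifest>"""


def component_exported(elem: ET.Element, kind: str, target_sdk: int) -> bool:
    """Apply the platform defaults when android:exported is absent."""
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if kind == "provider":
        return target_sdk < 17  # legacy provider default
    # API 31+ refuses to install a filtered component with no explicit value,
    # so the implicit "exported because it has a filter" rule applies below 31.
    return elem.find("intent-filter") is not None and target_sdk < 31


def probe_command(kind: str, pkg: str, name: str, actions: List[str], authority: str) -> str:
    """adb one-liner that reaches the component from the shell (no app needed)."""
    comp = f"{pkg}/{name}"
    act = f" -a {actions[0]}" if actions else ""
    if kind in ("activity", "activity-alias"):
        return f"adb shell am start -n {comp}{act}"
    if kind == "service":
        return f"adb shell am startservice -n {comp}{act}"
    if kind == "receiver":
        return f"adb shell am broadcast -n {comp}{act}"
    return f"adb shell content query --uri content://{authority}/"


def audit_manifest(xml_text: str) -> List[Dict[str, object]]:
    """Return one record per exported component, with its guarding permission (if any)."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package")
    sdk = root.find("uses-sdk")  # present in manifests pulled from an APK with apktool
    target_sdk = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    findings = []
    for elem in root.find("application"):
        kind = elem.tag
        if kind not in KINDS or not component_exported(elem, kind, target_sdk):
            continue
        name = elem.get(A + "name")
        actions = [a.get(A + "name") for a in elem.iter("action")]
        authority = elem.get(A + "authorities", "")
        findings.append({
            "kind": kind,
            "name": name,
            "permission": elem.get(A + "permission"),
            "grants_uri": elem.get(A + "grantUriPermissions") == "true",
            "probe": probe_command(kind, pkg, name, actions, authority),
        })
    return findings


def unprotected(findings: List[Dict[str, object]]) -> List[str]:
    """Exported components with no permission: reachable by any installed app."""
    return [str(f["name"]) for f in findings if not f["permission"]]


if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        guard = f["permission"] or "NO PERMISSION"
        print(f"{f['kind']:<9} {f['name']:<20} {guard:<28} {f['probe']}")
```

The launcher activity is expected to be exported; the receiver with a custom action and the provider with grantUriPermissions are the ones to follow up, the receiver by broadcasting a crafted intent and the provider by querying it from the shell and then testing URI grants from a second app.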
Quarkus Security best practices for authentication, authorization, JWT/OIDC, RBAC, input validation, CSRF, secrets management, and dependency security.
Expert service mesh architect specializing in Istio, Linkerd, and cloud-native networking patterns. Masters traffic management, security policies, observability integration, and multi-cluster mesh con
Understanding security risks in software distribution and recognizing illegitimate software packages
Guides digital forensics for security incidents—evidence acquisition and chain of custody, disk/memory/mobile/cloud artifact analysis, log and network forensics, timeline correlation, malware artifact triage, and investigation reports for legal/IR and expert-witness preparation outlines (not legal advice). Use when preserving and analyzing forensic artifacts, building super-timelines, documenting acquisition worksheets, triaging malware samples, or preparing forensic findings for counsel—not live incident command (incident-responder), SOC alert queue triage (soc-analyst), authorized penetration testing (penetration-tester), deep binary RE (reverse-engineer), LLM red team (ai-redteam), enterprise ISMS programs (information-security-engineer), audit control mapping (compliance-engineer), or cloud guardrail implementation (cloud-security-engineer).
Guides information security risk analysis—risk identification and scoring, risk registers, threat/vulnerability/control mapping, treatment recommendations (accept/mitigate/transfer/avoid), third-party and supply-chain risk framing, business impact analysis, KRIs, and risk committee or board narratives. Aligns with ISO 27005 and NIST RMF concepts without full compliance audits. Use for security risk assessment, risk register maintenance, inherent/residual risk scoring, FAIR-style quantitative framing, treatment decisions, third-party risk tiers, or executive risk reporting—not SOC alert triage (soc-analyst), pentest execution (penetration-tester, web-pentester, network-pentester), control implementation (information-security-engineer, cloud-security-engineer), GRC program and audit prep (compliance-specialist), audit evidence automation (compliance-engineer, cloud-compliance-specialist), AI model risk programs (ai-risk-governance), or adversary simulation (red-team-specialist).
Guides identity and access management—workforce and machine identity lifecycle, RBAC/ABAC/PBAC entitlement design, access reviews and recertification, SSO/SAML/OIDC federation, privileged access (PAM/JIT), cloud IAM least privilege (AWS/GCP/Azure concepts), service accounts and secrets hygiene, and separation of duties. Use for IAM, identity governance, access review, RBAC, least privilege, SSO federation, PAM, privileged access, cloud IAM policy, service account, or SoD—not full cloud landing zone architecture (enterprise-cloud-architect), broad cloud security controls (cloud-security-engineer), day-2 break-glass ticket execution only (cloud-system-administrator), pentest (penetration-tester), or legal/HR policy drafting only.
Guides supply chain management—sourcing and supplier qualification, procurement and PO governance, demand forecasting and inventory policy, logistics and fulfillment (3PL, Incoterms, lead times), supplier scorecards, cost and TCO analysis, supply risk and continuity, and SCM KPI dashboards. Use when designing supply strategy, running RFQs, setting safety stock, resolving stockouts or excess inventory, improving OTIF, dual-sourcing critical parts, or building supplier business reviews—not for contract legal redlines (commercial-counsel), vendor security assessments (information-security-engineer), DC construction delivery programs (senior-data-center-capacity-delivery-manager), compute GL and invoice reconciliation (compute-accounting-manager), SaaS quote-to-order (deal-operations-administrator), or enterprise strategy cases (business-consultant).
Guides customer-facing and internal technical solution design—discovery and requirements, integration and reference architecture, security/compliance fit, sizing and cost framing, RFP/RFI responses, PoC scoping, build-vs-buy, and handoff to delivery. Use when scoping a customer or partner solution, designing integration architecture for a deal, drafting RFP/RFI technical responses, planning a proof-of-concept, framing security and compliance fit, or preparing solution decks for stakeholders—not for org-wide landing zones and Well-Architected programs (cloud-architect, enterprise-cloud-architect), internal product ADRs and C4 (senior-system-architecture), production Terraform/IaC (infrastructure-engineer), hands-on cloud resource config (cloud-engineer), live PoC execution and competitive demos (sales-engineer), business strategy without technical design (business-consultant), contract redlines (commercial-counsel), or deep FinOps/GL (finops-analyst, compute-accounting-manager).