Loading...
Loading...
Found 81 Skills
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
12 production-ready regulatory affairs and quality management skills for HealthTech/MedTech: ISO 13485 QMS, MDR 2017/745, FDA 510(k)/PMA, ISO 27001 ISMS, GDPR/DSGVO compliance, risk management (ISO 14971), CAPA, document control, and internal auditing. Python tools included (all stdlib-only). Works with Claude Code, Codex CLI, and OpenClaw.
Golang everyday observability — the always-on signals in production. Covers structured logging with slog, Prometheus metrics, OpenTelemetry distributed tracing, continuous profiling with pprof/Pyroscope, server-side RUM event tracking, alerting, and Grafana dashboards. Apply when instrumenting Go services for production monitoring, setting up metrics or alerting, adding OpenTelemetry tracing, correlating logs with traces, migrating legacy loggers (zap/logrus/zerolog) to slog, adding observability to new features, or implementing GDPR/CCPA-compliant tracking with Customer Data Platforms (CDP). Not for temporary deep-dive performance investigation (→ See golang-benchmark and golang-performance skills).
Open-source Chrome extension replacing 12+ browser extensions with privacy-respecting tools including tab cleaner, cookie editor, dark mode, JS toggle, GDPR dismisser, and more.
Legal and compliance expertise for corporate governance, contract analysis, regulatory compliance (SOX, GDPR, HIPAA), risk assessment, intellectual property, and litigation management. Use when reviewing contracts, ensuring compliance, or managing legal risk.
Adapts experiences across cultures and languages — not just translation, but cultural reconception. Part of the Intent design strategy system. When a product enters a new market, everything is in play: information density, navigation patterns, color meaning, icon comprehension, date formats, trust signals, payment flows, and the fundamental assumptions about how people make decisions. Trigger when: planning international expansion, auditing i18n readiness, adapting designs for RTL languages, reviewing cultural assumptions in a design, preparing localization test plans, or when someone says "we need to launch in [country]" and the plan is "just translate it." Also trigger for compliance reviews across markets (GDPR, PIPL, accessibility laws).
This skill should be used when the user asks to "GRC", "governance", "risk", "compliance", "audit", "policy", "control", "risk assessment", "SOX", "GDPR", or any ServiceNow GRC development.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Track data lineage and provenance from source to consumption. Use when auditing data flows, debugging data quality issues, ensuring compliance (GDPR, SOX), or understanding data dependencies. Covers lineage tracking, impact analysis, data catalogs, and metadata management.
Expert cold email strategist for B2B outbound campaigns. Use when the user asks about cold email writing, email sequences, email deliverability, domain warmup, SPF/DKIM/DMARC setup, email personalization, cold email templates, email copywriting frameworks, email compliance (CAN-SPAM, GDPR), bounce management, inbox placement, email infrastructure, sequencing tools (Instantly, Smartlead, Lemlist), or cold outreach strategy. Also triggers on "cold email", "email sequence", "deliverability", "warmup", "SPF", "DKIM", "DMARC", "bounce rate", "spam", "inbox placement", "email template", "follow-up email", "outbound email", "Instantly", "Smartlead", "email copy", "subject line", "personalization". Do NOT use for marketing emails or newsletters.
Privacy-by-design analytics setup for clients operating under Uganda's Data Protection and Privacy Act 2019, Kenya's Data Protection Act 2019, and international frameworks (GDPR, CCPA). Covers cookie consent implementation, GA4 privacy configuration, data minimisation, and WhatsApp data governance. Invoke when setting up GA4 for a new client, configuring cookie consent banners, advising on analytics data governance, or when a client asks about data protection compliance for their digital channels. Does not replace legal counsel — flags compliance requirements and provides implementation guidance.
Query federation audit logs with compliance filtering