Total 50,540 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Edit IDA databases. Use when asked to add comments, rename symbols, apply types, create bookmarks, or clean up decompiled code for review.
IDA type system. Use when asked to create, modify, or apply structs, unions, enums, typedefs, or parse C declarations.
Write and execute Python scripts using the IDA Domain API for reverse engineering. Analyze binaries, extract functions, strings, cross-references, decompile code, work with IDA Pro databases (.i64/.idb). Use when user wants to analyze binaries, reverse engineer executables, or automate IDA Pro tasks.
Guides proactive threat hunting for advanced SOC—hypothesis-driven hunt campaigns, advanced SIEM/query workflows, baseline and anomaly analysis, MITRE ATT&CK–aligned techniques, threat intel fusion, detection engineering feedback, and hunt reporting with IR handoff. Use for threat hunting, proactive hunt, hypothesis-driven detection, advanced SOC, hunt campaign, detection engineering, MITRE ATT&CK hunt, anomaly hunting—not routine SOC alert triage (soc-analyst), declared incident command (incident-responder), adversary simulation campaigns (red-team-specialist), disk forensics acquisition (digital-forensics-analyst), authorized pentest (penetration-tester), or binary RE lab work (reverse-engineer).
Guides product infrastructure security—securing the runtime, data plane, and control plane that ships with the product: multi-tenant isolation, service-to-service auth, customer data boundaries, secure defaults in APIs and workers, abuse-resistant rate limits, product-scoped secrets and encryption, and security design reviews for product infra changes. Use when threat-modeling product features, designing tenant isolation, hardening service mesh or internal APIs, reviewing product IaC/modules for data leaks, defining secure baselines for microservices the product team owns, or partnering on incidents affecting customer workloads—not for corporate IdP/SIEM (information-security-engineer), CI pipeline gates only (devsecops), SOC operations (defensive-security-analyst), authorized pentest execution (offensive-security-analyst), general IDP golden paths (platform-engineer), company-wide GRC (cybersecurity), or applied AI solution architecture for LLM features (applied-ai-architect-commercial-enterprise).
Guides corporate legal support—entity structure, board and stockholder governance, corporate resolutions and minutes, equity and cap table mechanics, corporate policies, intercompany arrangements, and corporate closing checklists for financings or M&A. Use when drafting board materials, reviewing governance documents, entity formation or subsidiary setup, stockholder consents, option plan mechanics, D&O considerations at checklist level, or corporate approval packages—not for B2B MSAs and vendor/customer redlines (commercial-counsel), SOC/ISO evidence (compliance-engineer), tax/accounting treatment (senior-revenue-accountant), or employee HRIS and lifecycle operations (people-operations-specialist). For live deal execution—diligence coordination, closing matrix, signing, funds flow—use transaction-manager. For deal thesis, valuation, and negotiation mandate, use transaction-principal. Output is drafting assistance; human counsel must approve binding actions.
Verifies identity documents via the Didit standalone API. Use when verifying a passport, ID card, driver's license, or residence permit, performing OCR extraction, MRZ parsing, document authenticity checks, or KYC document validation. Supports 4000+ document types across 220+ countries.
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
OpenClaw security scanning skill that performs comprehensive system security audits and generates human-friendly reports.
WireGuard-based rapid VPN networking software for Linux with HTTP API and utility tools.
Deploy and orchestrate 38 MCP servers for offensive security tools (Nmap, Nuclei, Ghidra, SQLMap, etc.) via Docker.
Analyze and understand malware distribution tactics, security software bypass techniques, and threat detection for cybersecurity research.