Total 50,540 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Cloudmersive integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cloudmersive data.
Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.
Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.
Verify supply chain integrity for AI agent plugins, tools, and dependencies. Use this skill when:
- Generating SHA-256 integrity manifests for agent plugins or tool packages
- Verifying that installed plugins match their published manifests
- Detecting tampered, modified, or untracked files in agent tool directories
- Auditing dependency pinning and version policies for agent components
- Building provenance chains for agent plugin promotion (dev → staging → production)
- Any request like "verify plugin integrity", "generate manifest", "check supply chain", or "sign this plugin"
Nessus integration. Manage data, records, and automate workflows. Use when the user wants to interact with Nessus data.
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
Analyze intellectual property rights across patents, trademarks, copyrights, and trade secrets. Use this skill when the user needs to understand IP protection options, evaluate whether their work is protectable, assess infringement risk, or design an IP strategy — even if they say 'can I patent this', 'someone copied our design', 'how do we protect our brand name', or 'what IP do we have'.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.
Investigates completed DEX sandwich-style MEV from public blocks and bundles—front-victim-back ordering on EVM and Solana, Jito bundle traces, swap decoding, victim slippage vs searcher profit estimates, and evidence-style case studies. Use when the user asks for sandwich attack analysis, MEV sandwich post-mortems, high-slippage swap forensics, or searcher clustering—not for building sandwich bots, mempool manipulation for profit, or harassing labeled wallets.
Points to the coral-xyz sealevel-attacks repository—minimal Anchor programs demonstrating common Solana (Sealevel) exploit patterns and recommended mitigations. Use when auditing or learning Solana program security, pairing with solana-defi-vulnerability-analyst-agent—not for deploying attacks against live systems or evading law.
Early rug-risk triage for token launches and small DeFi deployments from public data—liquidity lock and pool events, dev and sniper wallet clustering, contract authority and transfer-risk checks, coordinated exits, and evidence-backed risk scores. Use when the user asks for rug pull detection, pump-and-dump signals, launch red flags, LP removal forensics, or cross-chain profit exit tracing—not for front-running trades, harassing teams, or certifying scams without on-chain proof.
Operates as an on-chain forensics investigator using only public chain data and OSINT—tracing flows across chains, clustering addresses, reviewing contracts for risk patterns, detecting scam vectors, and producing evidence-backed reports. Use when the user asks for blockchain investigation, forensic tracing, scam or rug analysis from public data, transaction trail documentation, or structured intelligence reports without private keys or insider access.