All Skills

Total 30,438 skills, Security & Compliance has 1084 skills

Showing 12 of 1084 skills

Per page

Downloads

Sort

entry-point-analyzer

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

semgrep-rule-creator

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

constant-time-analysis

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.

🇺🇸|EnglishTranslated

Security & Compliancejeffallan/claude-skills

secure-code-guardian

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

fuzzing-dictionary

Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-specific code.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

algorand-vulnerability-scanner

Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

testing-handbook-generator

Meta-skill that analyzes the Trail of Bits Testing Handbook (appsec.guide) and generates Claude Code skills for security testing tools and techniques. Use when creating new skills based on handbook content.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

cosmos-vulnerability-scanner

Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts.

🇺🇸|EnglishTranslated

Security & Compliancedavila7/claude-code-templ...

security-compliance

Guides security professionals in implementing defense-in-depth security architectures, achieving compliance with industry frameworks (SOC2, ISO27001, GDPR, HIPAA), conducting threat modeling and risk assessments, managing security operations and incident response, and embedding security throughout the SDLC.

🇺🇸|EnglishTranslated

2 scripts/Checked

Security & Compliancepubnub/skills

pubnub-security

Secure PubNub applications with Access Manager, encryption, and TLS

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

substrate-vulnerability-scanner

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets.

🇺🇸|EnglishTranslated