Total 50,542 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Scan code for security vulnerabilities including OWASP Top 10, secrets, and misconfigurations. Use when you need comprehensive security analysis of a codebase.
Exploit development expert. Buffer overflow, shellcode, ROP, format strings, binary exploitation. Use for exploit writing and PoC development.
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10.
OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility.
Use when implementing secrets management, using Vault, AWS Secrets Manager, handling credentials in CI/CD, or asking about "secrets", "Vault", "credentials", "secret rotation", "API keys", "external secrets operator"
Scans project dependencies and verifies licenses against a whitelist of approved open-source licenses. Use to ensure legal compliance in software projects and prevent the introduction of restricted licenses.
Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.
Secret detection expert. Use for creating detection rules for API keys, tokens, and credentials in code.
Evaluate and configure SPL token authorities (mint/freeze/close) with risk implications and best practices. Use for audits, rotations, or disclosures.
Conduct a full-spectrum public intelligence (OSINT) investigation on any individual given their name, job title, and company. Produces a structured intelligence dossier. Use when asked to research a person, build a profile, investigate a contact, create a dossier, or gather publicly available intelligence on an individual.
Meta-skill that analyzes the Trail of Bits Testing Handbook (appsec.guide) and generates Claude Code skills for security testing tools and techniques. Use when creating new skills based on handbook content.