Total 50,552 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Search and retrieve pentesting, red teaming, and security research information from the HackTricks wiki (book.hacktricks.wiki). Use for payloads, methodologies, bypasses, and edge-case behaviors across web, network, cloud, and application security topics.
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist a...
SSL/TLS 证书
Load PROACTIVELY when task involves security review, vulnerability assessment, or hardening. Use when user says "check for security issues", "audit for vulnerabilities", "scan for secrets", "review auth security", or "check OWASP compliance". Covers authentication and session security, authorization and access control, input validation and injection prevention, data protection and encryption, dependency vulnerability scanning, API security (CORS, rate limiting, headers), and infrastructure hardening. Produces structured reports with severity ratings.
Secret detection and credential scanning using gitleaks. Use when scanning repositories for leaked secrets, API keys, passwords, tokens, or implementing pre-commit security checks.
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase.
Hardens designs and implementations with structured security reviews.
Scan code or configuration for common security issues. Use when a mid-level developer needs a quick security pass.
Scan codebase for security vulnerabilities including secrets, insecure dependencies, and unsafe code patterns. Use when performing automated security scans.
Configure Sentry security settings and data protection. Use when setting up data scrubbing, managing sensitive data, or configuring security policies. Trigger with phrases like "sentry security", "sentry PII", "sentry data scrubbing", "secure sentry".
Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.
Журнал аудита событий и DLP-система. Используй когда нужно: получить журнал аудита, просмотреть события безопасности, настроить DLP. НЕ используй для: обычных API-запросов (→ другие скиллы). Требует тариф «Корпорация».