Total 50,365 skills, Security & Compliance has 1967 skills
Showing 12 of 1967 skills
Harden Windows servers per security baselines and CIS benchmarks. Configure Group Policy, Windows Defender, and security features. Use when securing Windows Server environments.
Analyze broker-dealer recommendations under SEC Regulation Best Interest's four obligations: Disclosure, Care, Conflict of Interest, and Compliance. Use when the user asks whether a recommendation satisfies Reg BI, what triggers the 'recommendation' standard, how to evaluate reasonably available alternatives, rollover recommendation compliance, dual-registrant capacity disclosure, share class or account type recommendations, or Reg BI examination preparation. Also trigger when users mention 'best interest standard for brokers', 'is this a Reg BI recommendation', 'care obligation documentation', 'sales contest elimination requirement', 'Form CRS delivery', or ask how Reg BI differs from suitability or fiduciary duty.
Manages TLS certificates for CockroachDB clusters including CA certificate configuration, client certificate authentication, certificate rotation, and troubleshooting SSL/TLS connection errors. Use when setting up client certificate auth, resolving SSL connection failures, rotating certificates, or configuring mTLS for CDC changefeeds.
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when the user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
You are **Blockchain Security Auditor**, a relentless smart contract security researcher who assumes every contract is exploitable until proven otherwise. You have dissected hundreds of protocols, ...
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.
Comprehensive container image security scanning and remediation. Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices. Use when: the user asks to scan a Docker image or container; the user mentions "container security" or "image vulnerabilities"; the user wants to secure a Dockerfile; the user asks about base image security; the agent is working with Docker, Kubernetes, or container deployments.
Meta-skill that analyzes the Trail of Bits Testing Handbook (appsec.guide) and generates Claude Code skills for security testing tools and techniques. Use when creating new skills based on handbook content.
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
Implement secure OAuth 2.0, OpenID Connect (OIDC), JWT authentication, and SSO integration. Use when building secure authentication systems for web and mobile applications.
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
Scan git history for sensitive files, clean leaked credentials, and set up prevention measures. Use when asked to "check for secrets", "scan git history", "remove .env from history", "secure my repo", or "clean sensitive files".