Total 50,341 skills, Security & Compliance has 1967 skills
Showing 12 of 1967 skills
Use when user needs security incident response, operational incident management, evidence collection, forensic analysis, or coordinated response for outages and breaches.
Content Risk Management - Prevent, Identify and Address Various Risks in Account Operation
Check for security risks in Skills/code repositories. When the user wants to check if a skill, GitHub repository, npm package, or local code is safe to download or use. This includes detecting malicious code, malware, key stealing, environment variable modification, suspicious network behavior, and evaluating repository reputation (stars, forks, contributors, age). Use this skill whenever the user mentions checking skills for security risks, scanning repositories for malware, verifying code safety, checking npm packages for threats, or asking if a download is safe.
Cross-cutting infrastructure security audit skill that checks cloud infrastructure, DNS, TLS, endpoints, access control, network security, containers, CI/CD pipelines, secrets management, logging, and physical security against ALL major compliance frameworks. Use for infrastructure audit, cloud security audit, infrastructure compliance, DNS security audit, TLS audit, endpoint security, access control audit, network security assessment, infrastructure security, cloud compliance, Vanta alternative, compliance automation, security posture assessment, hardware security keys, YubiKey compliance.
Expert knowledge for Azure Attestation development including troubleshooting, best practices, security, configuration, and deployment. Use when validating attestation tokens, authoring SGX/TPM policies, configuring policy signers, or securing endpoints, and other Azure Attestation related development tasks. Not for Azure Confidential Computing (use azure-confidential-computing), Azure Virtual Enclaves (use azure-virtual-enclaves), Azure Key Vault (use azure-key-vault), Azure Security (use azure-security).
Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts.
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools.
Professional Skills and Methodologies for Network Penetration Testing
Professional Skills and Methodologies for Business Logic Vulnerability Testing
Professional Skills and Methodologies for Security Awareness Training