Total 50,307 skills, Security & Compliance has 1966 skills
Showing 10 of 1966 skills
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.
Scans code for security vulnerabilities including injection attacks, authentication flaws, exposed secrets, insecure dependencies, and data exposure. Use when the user says "security review", "is this secure?", "check for vulnerabilities", "audit this", or before deploying to production.
Apply the firm's KYC/AML rules grid to a parsed onboarding record — assign a risk rating, list every rule outcome with the rule cited, and flag what's missing or escalation-worthy. Use after kyc-doc-parse; this skill decides nothing, it scores and routes.
Vercel Firewall expert guidance — automatic DDoS mitigation, the Vercel WAF (custom rules, IP blocking, managed rulesets, rate limiting), Attack Mode, system bypass, bot management, and the `vercel firewall` CLI. Use when configuring platform-level security, responding to attacks, or staging firewall rules.
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation.
Security Journey integration. Manage data, records, and automate workflows. Use when the user wants to interact with Security Journey data.
This skill should be used when the user asks for a cryptographer, cryptography review, help to choose a cipher (AES-GCM, ChaCha20-Poly1305, ECDH, RSA tradeoffs), key management, PKI design, TLS configuration, protocol security or handshake review, authenticated encryption, digital signature scheme design, post-quantum migration at architecture level, ProVerif or Tamarin modeling concepts, nonce reuse or IV misuse analysis, HKDF vs password hashing (Argon2), HSM or KMS usage patterns, secure randomness, side-channel and constant-time requirements, or cryptographic agility and algorithm deprecation—not general OWASP web app review only (information-security-engineer), secure coding checklists without crypto depth, Solidity or smart contract audits, blockchain wallet tracing, legal export classification, or shipping custom production crypto without design and review gates.
Audit email account security, validate credentials, and manage email lists using this C++ email security testing utility
Run the participant-facing CTFd CLI directly from its Git repository with uvx. Use when an agent needs to list or inspect CTFd challenges, view hints or the scoreboard, inspect the current user's solves and submissions, submit a flag, or unlock a hint without installing the ctfd package globally.