Total 30,644 skills, Security & Compliance has 1085 skills
Showing 12 of 1085 skills
Cross-cutting infrastructure security audit skill that checks cloud infrastructure, DNS, TLS, endpoints, access control, network security, containers, CI/CD pipelines, secrets management, logging, and physical security against ALL major compliance frameworks. Use for infrastructure audit, cloud security audit, infrastructure compliance, DNS security audit, TLS audit, endpoint security, access control audit, network security assessment, infrastructure security, cloud compliance, Vanta alternative, compliance automation, security posture assessment, hardware security keys, YubiKey compliance.
This skill should be used when the user asks to "scan Python code for security issues", "set up Bandit", "configure bandit security linting", "fix bandit warnings", or needs guidance on Python static security analysis with Bandit.
This skill should be used when the user asks to "audit Python dependencies for vulnerabilities", "scan requirements.txt for CVEs", "set up pip-audit", "fix vulnerable Python packages", or needs guidance on Python dependency security scanning with pip-audit.
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or obje...
Secure Solana frontends against phishing, bad prompts, and unsafe signing requests. Use for audits of wallet UX and dApp sites.
Write secure-by-default Node.js and TypeScript applications following security best practices. Use when: (1) Writing new Node.js/TypeScript code, (2) Creating API endpoints or middleware, (3) Handling user input or form data, (4) Implementing authentication or authorization, (5) Working with secrets or environment variables, (6) Setting up project configurations (tsconfig, eslint), (7) User mentions security concerns, (8) Reviewing code for vulnerabilities, (9) Working with file paths or child processes, (10) Setting up HTTP headers or CORS.
OAuth 2.0 and OpenID Connect expert for authorization flows, PKCE, and token management
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
Audits codebases for common security vulnerabilities that AI coding assistants introduce in "vibe-coded" applications. Checks for exposed API keys, broken access control (Supabase RLS, Firebase rules), missing auth validation, client-side trust issues, insecure payment flows, and more. Use this skill whenever the user asks about security, wants a code review, mentions "vibe coding", or when you're writing or reviewing code that handles authentication, payments, database access, API keys, secrets, or user data — even if they don't explicitly mention security. Also trigger when the user says things like "is this safe?", "check my code", "audit this", "review for vulnerabilities", or "can someone hack this?".
Answer questions using the Tenzir documentation. Use whenever the user asks about TQL syntax, pipeline operators, functions, data parsing or transformation, normalization, OCSF mapping, enrichment, lookup tables, contexts, packages, nodes, platform setup, deployment, configuration, integrations with tools like Splunk, Kafka, S3, Elasticsearch, or any other Tenzir feature. Also use when the user asks how to collect, route, filter, aggregate, or export security data with Tenzir, or needs help writing or debugging TQL pipelines, even if they don't mention 'Tenzir' explicitly but are clearly working in a Tenzir context.
Answer questions about OCSF (Open Cybersecurity Schema Framework). Use when the user asks about OCSF classes, objects, attributes, profiles, extensions, or event normalization.
Use this skill when managing patents, trademarks, trade secrets, or open-source licensing. Triggers on intellectual property, patents, trademarks, trade secrets, open-source licensing, copyright, IP strategy, license compliance, and any task requiring IP protection or licensing decisions.