Total 50,476 skills, Security & Compliance has 1971 skills
Showing 12 of 1971 skills
Agent Skill: Security audit patterns (OWASP, CWE, CVSS) for any project. Deep automated PHP/TYPO3 scanning with 80+ checkpoints. Use when conducting security assessments, identifying vulnerabilities, or CVSS scoring. By Netresearch.
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GDPR-compliant texts, cookie policies, and data processing agreements. Use PROACTIVELY for legal documentation, compliance texts, or regulatory requirements.
Use when adding multi-factor authentication (MFA/2FA) or requiring additional verification for sensitive operations - covers step-up auth, adaptive MFA, and risk-based authentication with Auth0
Miscellaneous CTF challenge techniques. Use for trivia, automation scripts, encoding puzzles, RF/SDR signal processing, or challenges that don't fit other categories.
Digital forensics and blockchain analysis for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, or cryptocurrency transactions.
Steganography techniques for CTF challenges. Use when data is hidden in images, audio, video, or other media files.
Review Bun runtime security audit patterns. Use for auditing Bun-specific vulnerabilities including shell injection, SQL injection, server security, and process spawning. Use proactively when reviewing Bun apps (bun.lockb, bunfig.toml, or bun:* imports present). Examples: - user: "Review this Bun shell script" → audit `$` usage and argument injection - user: "Check my bun:sqlite queries" → verify `sql` tagged template usage - user: "Audit my Bun.serve() setup" → check path traversal and request limits - user: "Is my Bun.spawn() usage safe?" → audit command injection and input validation - user: "Review WebSocket security in Bun" → check authentication before upgrade
Security auditing and vulnerability assessment specialist. Use when conducting security reviews, analyzing code for vulnerabilities, performing OWASP assessments, or creating security audit reports.
Performs comprehensive security audit of any codebase against OWASP Top 10 2025. Use when user asks for OWASP audit, OWASP Top 10 review, OWASP security check, or wants to audit code against OWASP categories. Do not trigger for PR review, npm/pip audit, SOC2 compliance, general security questions, or threat modeling.
Blockchain smart contract specialist for Solidity, EVM, security patterns, and gas optimizationUse when "smart contract, solidity, ethereum, evm, contract, web3, gas optimization, upgradeable contract, reentrancy, solidity, ethereum, smart-contracts, evm, web3, blockchain, defi, nft, security, gas" mentioned.
Use when explicitly asked to run the security-reviewer subagent or when another skill requires the security-reviewer agent card.