Total 50,487 skills, Security & Compliance has 1972 skills
Showing 12 of 1972 skills
Use when the user asks to prepare for SOC 2 audits, map Trust Service Criteria, build control matrices, collect audit evidence, perform gap analysis, or assess SOC 2 Type I vs Type II readiness.
Open-source intelligence on people, companies, domains, and B2B accounts. Use when the user wants to investigate, vet, research, or build a dossier on a target — phrases like "OSINT", "due diligence", "background check", "research this person", "look into [company/domain]", "vet this prospect/vendor", "what does X do", "is this account worth pursuing", "find me a contact at", "who's the buyer for", or any open-source investigation task. Disambiguates identities before reporting and grades every claim by independent source count.
Analyzes PHP code for SSRF vulnerabilities. Detects unvalidated URLs, internal network access, DNS rebinding, cloud metadata access, and URL parsing bypass attempts.
Interactive setup guide for using Infisical as a secret management tool in your projects. Helps users integrate Infisical into local development (CLI), Docker containers (build-time and runtime secret injection), CI/CD pipelines (GitHub Actions, GitLab CI), Kubernetes (Operator + CRDs), and application code (Node.js, Python, Go, Java, .NET, Ruby SDKs). Also walks through choosing and configuring machine identity auth methods (Universal Auth, AWS Auth, Kubernetes Auth, OIDC, etc.). Use this skill whenever someone asks about: using Infisical, injecting secrets, infisical run, infisical init, connecting their app to Infisical, Docker secrets, Kubernetes secrets operator, machine identity setup, SDK initialization, CI/CD secret injection, or 'how do I get my secrets into my app'.
Apply fiduciary duty standards across the investment advisory landscape, including IA Act Section 206, ERISA, DOL rules, and CFA Institute standards. Use when the user asks whether a fiduciary standard applies, how fiduciary duty differs from Reg BI or suitability, what the duty of care and duty of loyalty require, ERISA Section 404 prudent expert obligations, PTE 2020-02 rollover exemptions, or state-level fiduciary developments. Also trigger when users mention 'are we a fiduciary here', 'best interest vs suitability', 'dual registrant hat switching', 'retirement plan adviser obligations', 'DOL fiduciary rule', or ask what standard of care applies to a recommendation.
Package IDA Pro plugins for the IDA Plugin Manager and plugins.hex-rays.com repository
Perform security inspection and monitoring for Alibaba Cloud DDoS security products, covering DDoS Basic Protection, DDoS Native Protection, and DDoS Anti-DDoS Pro/Premium. Supports querying blackhole/scrubbing events, QPS spikes/drops, L4 traffic anomalies, HTTP status code (4xx/5xx) period-over-period surges, origin status code anomalies, and instance asset inventory. Use this Skill when users need security inspection, DDoS protection status checks, attack event queries, traffic anomaly investigation, or to confirm whether DDoS security products are provisioned. Triggers: "DDoS inspection", "security check", "DDoS protection check", "attack event query", "traffic anomaly"
Manage multiple Alibaba Cloud accounts and batch-export Security Center (SAS) baseline and vulnerability reports via the aliyun CLI and Python scripts. Supports account list refresh, enable/disable, concurrent batch export of cloud platform configuration check (baselineCspm), system baseline risk (exportHcWarning), Linux/Windows/application/emergency vulnerability results across all managed accounts. Use this skill when users need to manage SAS multi-account settings, export baseline or vulnerability compliance data, or merge multi-account security reports into a single file.
Freedom-to-operate triage — a structured first look at potentially blocking patents, not an FTO opinion. Use when a product, process, or feature is being evaluated for blocking patents, when asked whether anything stops a launch, or to build a claim-chart first pass against the most plausible patents before patent counsel review. This skill never concludes a product is clear to launch.
Review marketing copy for claims that need substantiation, reframing, or cutting. Use when the user says "review this marketing copy", "check these claims", "can we say this", "is this puffery or a problem", or pastes marketing content (landing pages, emails, ads, taglines).
Open gaps tracker — what's flagged and not yet closed. Use when the user asks "what gaps are open", "gap tracker", "remediation status", or wants to close (--close GAP-ID) or risk-accept (--accept GAP-ID) a tracked gap.
Deeper risk assessment for a single feature or product area when the launch review found something that needs more than a line item. Structured analysis: what could go wrong, how likely, how bad, what mitigates it. Use when user says "deep dive on this risk", "risk assessment for [feature]", "what could go wrong with", or when launch-review flags a novel issue.