Total 30,714 skills, Security & Compliance has 1088 skills
Showing 12 of 1088 skills
Content Risk Management - Prevent, Identify and Address Various Risks in Account Operation
Use when needing to understand and comply with Xiaohongshu's platform rules, avoid violations, and maintain account health and safety
Use when protecting original content on Xiaohongshu, respecting others' intellectual property, using copyrighted material legally, or handling copyright infringement claims and disputes
Use when needing to protect original content from infringement, properly use third-party content, or handle copyright disputes on Xiaohongshu
Use when writing Roblox game scripts that handle player actions, currencies, stats, damage, or any RemoteEvent/RemoteFunction communication. Use when reviewing code for exploitable patterns, implementing anti-cheat logic, validating client requests on the server, or setting up rate limiting.
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. It can be used for ANY security testing, auditing, or code review of web apps, APIs, or business systems, even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, penetration testing, security audit, vulnerability mining, payment security, privilege escalation, logic vulnerability, business security, SRC, code audit. It also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "help me test this interface", "can this parameter be modified", "help me find bugs".
Token and address risk assessment. Use this skill whenever the user asks about token, contract, or address safety. Trigger phrases include: is this token safe, check contract risk, is this address safe, honeypot, rug. MCP tools: info_compliance_check_token_security, info_coin_get_coin_info; Address mode: info_onchain_get_address_info.
Use this skill when the user needs to secure their SaaS app, implement authentication, protect user data, secure APIs, or check for vulnerabilities. Covers OWASP Top 10, auth best practices, data protection, and security checklists for apps built with AI tools.
OpenFGA authorization modeling best practices and guidelines. This skill should be used when authoring, reviewing, or refactoring OpenFGA authorization models. Triggers on tasks involving OpenFGA models, relationship definitions, permission structures, .fga files, .fga.yaml test files, or OpenFGA SDK usage in JavaScript, TypeScript, Go, Python, Java, or .NET.
Authenticate to Elasticsearch using native, file-based, LDAP/AD, SAML, OIDC, Kerberos, JWT, or certificate realms. Use when connecting with credentials, choosing a realm, or managing API keys. Assumes the target realms are already configured.
Rate Limiter Config - Auto-activating skill for Security Fundamentals. Triggers on: rate limiter config, rate limiter config Part of the Security Fundamentals skill category.