All Skills

Total 30,734 skills, Security & Compliance has 1088 skills

Showing 12 of 1088 skills

Per page

Downloads

Sort

Security & Compliancejabrena/cursor-rules-java

124-java-secure-coding

Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. Part of the skills-for-java project

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

exploiting-oauth-misconfiguration

Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

exploiting-websocket-vulnerabilities

Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

performing-api-rate-limiting-bypass

Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses, HTTP methods, API versions, and encoding schemes to circumvent request throttling controls. The tester identifies rate limit headers, determines enforcement mechanisms, and attempts bypasses including X-Forwarded-For spoofing, parameter pollution, case variation, and endpoint path manipulation. Maps to OWASP API4:2023 Unrestricted Resource Consumption. Activates for requests involving rate limit bypass, API throttling evasion, brute force protection testing, or API abuse prevention assessment.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

testing-for-broken-access-control

Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

eradicating-malware-from-infected-systems

Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.

🇺🇸|EnglishTranslated

2 scripts/Checked

Security & Compliancegithub/awesome-copilot

secret-scanning

Guide for configuring and managing GitHub secret scanning, push protection, custom patterns, and secret alert remediation. This skill should be used when users need help enabling secret scanning, setting up push protection, defining custom secret patterns, triaging secret scanning alerts, or resolving blocked pushes.

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

analyzing-dns-logs-for-exfiltration

Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert C2 channels using entropy analysis, query volume anomalies, and subdomain length detection in SIEM platforms. Use when SOC teams need to identify DNS-based threats that bypass traditional network security controls.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Compliancemukul975/anthropic-cybers...

analyzing-indicators-of-compromise

Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.

🇺🇸|EnglishTranslated

1 scripts/Checked

Security & Complianceseriouscoderone/keri-clau...

cesride

Rust CESR primitives library for KERI protocol. Auto-activates when working with cesride imports, Matter/Indexer traits, CESR primitive types (Verfer, Diger, Signer, Salter, Siger, Cigar), Serder/Sadder serialization, or Rust CESR encoding/decoding. Covers the full API: primitive construction, cryptographic operations, SAD serialization, threshold logic, and error handling. Defers to cesr/spec/acdc for protocol theory; focuses on Rust API specifics.

🇺🇸|EnglishTranslated

Security & Compliancetroykelly/claude-skills

postgres-rls

MANDATORY when touching auth tables, tenant isolation, RLS policies, or multi-tenant database code - enforces Row Level Security best practices and catches common bypass vulnerabilities

🇺🇸|EnglishTranslated

Security & Compliancecristoslc/swain

swain-security-check

Run all security scanners against the project and produce a unified, severity-bucketed report. Orchestrates gitleaks (secrets), osv-scanner/trivy (dependency vulns), semgrep (static analysis), context-file injection scanner (built-in), and repo hygiene checks (built-in). Missing scanners are skipped with install hints — the scan always completes. Triggers on: 'security check', 'security scan', 'run security', 'scan for secrets', 'check for vulnerabilities', 'security audit', 'audit dependencies', 'check secrets', 'find vulnerabilities', 'scan codebase'.

🇺🇸|EnglishTranslated

8 scripts/Attention