Total 50,505 skills, Security & Compliance has 1972 skills
Showing 12 of 1972 skills
Scan project dependencies for CVEs, outdated packages, and license compliance across npm, pip, cargo, go, maven, and other ecosystems. Use for vulnerability scanning, SBOM generation, supply chain analysis, and automated dependency updates.
KnowBe4 integration. Manage Users, Roles, Organizations, Persons, Groups, Campaigns and more. Use when the user wants to interact with KnowBe4 data.
Secure Code Warrior integration. Manage data, records, and automate workflows. Use when the user wants to interact with Secure Code Warrior data.
Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they should not have access to by including additional parameters in API requests. The tester identifies writable endpoints, adds undocumented fields to request bodies (role, isAdmin, price, balance), and checks if the server binds these to the data model without filtering. Part of OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving mass assignment testing, parameter binding abuse, auto-binding vulnerability, or API over-posting.
Financial regulatory knowledge base — A-shares (10% / 5% ST price limits, T+1 settlement, short-selling rules, new delisting rules), HK (T+0 short-selling, no price limits, odd-lot / grey market, profit test, insider dealing ordinance), US (PDT rule $25k threshold, Reg T margin, circuit breakers, SEC rules), crypto regulation, cross-border tax basics. Triggers: "监管规则", "涨跌停", "T+1", "融券", "退市", "做空规则", "PDT规则", "熔断", "保证金", "印花税", "監管規則", "漲跌停", "融券", "退市", "做空規則", "PDT規則", "熔斷", "保證金", "印花稅", "regulatory rules", "circuit breaker", "short selling rules", "PDT rule", "margin requirements", "stamp duty", "delisting rules", "trading rules", "settlement rules".
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.
Comprehensive security review framework for AI agents to audit skills, repositories, URLs, on-chain addresses, and services in adversarial environments
Guides compliance with Brazil's Lei Geral de Proteção de Dados (LGPD, Lei 13.709/2018). Covers the 10 lawful bases under Art. 7, DPO appointment, ANPD enforcement, data subject rights under Arts. 17-22, and international transfer mechanisms. Keywords: LGPD, Brazil data protection, ANPD, lawful bases, data subject rights, international transfers.
Interact with the Infisical REST API to manage secrets, projects, environments, machine identities, and more. Supports secret CRUD operations, machine identity authentication, pagination, and rate limiting on cloud deployments.
Guide identification, measurement, and management of operational risk in trading and brokerage operations. Use when designing trade error detection and correction procedures, investigating trade breaks and reconciliation failures, classifying loss events under Basel taxonomy, developing key risk indicators (KRIs) and dashboards, responding to system outages or data feed failures or order routing errors, conducting root cause analysis after a trade error or settlement fail, planning business continuity and disaster recovery for trading desks, preparing for FINRA or SEC operational risk examinations, or assessing technology risk in OMS and market data systems. Also covers fat-finger errors, error account P&L, and corrective action tracking.
Re-source IDA binaries. Use when asked for recursive annotation, structure recovery, type reconstruction, or bottom-up program understanding.