Total 50,529 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Screen incoming NDAs and classify them as GREEN (standard), YELLOW (needs review), or RED (significant issues). Use when a new NDA comes in from sales or business development, when assessing NDA risk level, or when deciding whether an NDA needs full counsel review.
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
Enterprise risk management expertise for ERM frameworks, risk assessment, business continuity, insurance strategy, third-party risk, and reputational risk. Use when assessing risks, building continuity plans, or managing organizational risk exposure.
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.
Margin operations: Reg T initial margin, maintenance margin, portfolio margin, margin call procedures, liquidation waterfall, SBLOC, and margin risk management.
Security-first Uniswap v4 hook development. Use when user mentions "v4 hooks", "hook security", "PoolManager", "beforeSwap", "afterSwap", or asks about V4 hook best practices, vulnerabilities, or audit requirements.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
Configure enterprise SSO, role-based access control, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls. Trigger with phrases like "clerk SSO", "clerk RBAC", "clerk enterprise", "clerk roles", "clerk permissions", "clerk SAML".
Perform dynamic application security testing with OWASP ZAP, Burp Suite, and Nikto. Test running applications for security vulnerabilities through automated and manual testing. Use when testing web applications, APIs, or performing penetration testing.
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
Evaluate third-party agent skills for security risks before adoption or update. Use when: (1) Installing or updating a skill from skills.sh, ClawHub, or any public registry, (2) Auditing skills for security risks or reviewing PRs that add/update skill dependencies, (3) Building a team/org allowlist of approved skills, (4) Investigating suspicious skill behavior or answering "is this skill safe?" / "should we adopt this skill?"
Implement field-level encryption with @cipherstash/stack. Covers schema definition, encrypt/decrypt operations, searchable encryption (equality, free-text, range, JSON), bulk operations, model operations, identity-aware encryption with LockContext, multi-tenant keysets, and the full TypeScript type system. Use when adding encryption to a project, defining encrypted schemas, or working with the CipherStash Encryption API.