Loading...
Loading...
Found 1,476 Skills
Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance.
Use this skill when a VP Payroll, Head of People Operations, or Payroll Manager needs to manage all employee and contractor compensation flows — including payroll runs, salary administration, statutory deductions, benefits administration, equity grants and vesting, variable pay bonuses, contractor invoice processing, and full payroll compliance across jurisdictions. This skill orchestrates the salary management sub-skill. Trigger when running payroll, onboarding employees with compensation packages, processing salary changes, calculating bonuses, managing equity schedules, processing contractor payments, handling payroll tax filings, or producing total compensation reports for People and Finance leadership.
Generate audit reports and compliance trails using Harness audit trail data via MCP v2 tools. Track user actions, resource changes, authentication events, and access patterns across accounts, organizations, and projects. Use when asked to audit activity, generate compliance reports, investigate security incidents, review user actions, check change logs, or produce SOC2/GDPR/HIPAA audit evidence. Trigger phrases: audit report, audit trail, compliance audit, user activity log, change log, access audit, security investigation, who changed what, audit events.
Manage Harness Software Supply Chain Assurance (SSCA) via MCP. Configure automated SBOM generation with CycloneDX or SPDX formats, set up artifact signing and attestation with Cosign, define supply chain security policies using OPA, and track SLSA provenance levels. Use when asked to generate SBOMs, sign artifacts, enforce supply chain policies, track software provenance, or manage SLSA compliance. Do NOT use for OPA pipeline governance policies (use create-policy instead) or vulnerability scanning (use security-report instead). Trigger phrases: SBOM, software bill of materials, supply chain security, SLSA, artifact signing, cosign, provenance, attestation, CycloneDX, SPDX, supply chain policy.
Validates a UX spec, HUD design, or interaction pattern library for completeness, accessibility compliance, GDD alignment, and implementation readiness. Produces APPROVED / NEEDS REVISION / MAJOR REVISION NEEDED verdict with specific gaps.
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability management, and zero-trust architecture with emphasis on shift-left security practices.
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.
Audit claude-skills with systematic 9-phase review: standards compliance, official docs verification, code accuracy, cross-file consistency, and version drift detection. Use when investigating skill issues, major updates detected, skill not verified >90 days, or before marketplace submission.
Workflow step compliance guidance with mandatory step reminders and visual progress tracking. Reminds Claude to complete all workflow steps before PR creation.
This skill should be used when the user asks to "create privacy policy", "write terms of service", "legal pages", "cookie policy", "disclaimer", or mentions GDPR, CCPA, or legal compliance. Creates clear, compliant legal pages that protect the business while maintaining readability.
Reduces attack surface across OS, container, cloud, network, and database layers using CIS Benchmarks and zero-trust principles. Use when hardening production infrastructure, meeting compliance requirements, or implementing defense-in-depth security.
Review code for Government of Canada authentication and identity management compliance. Checks OIDC implementations, session security, scope minimization, logout handling, and RBAC integration against ITSG-33 and TBS security standards.