Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Generate secure code following OWASP Secure Coding rules. Automatically detects the security domain and produces code with inline Rule ID citations (e.g., [INPUT-04], [AUTH-07]) plus a rules-applied summary.
Run ScanCode Toolkit for comprehensive license and copyright detection. Identifies license types, copyright holders, and compliance obligations across codebases.
Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.
Authentication and security patterns for EFT-Tracker using NextAuth. Covers password reset, session management, CSRF protection, and security reviews. Activates when user mentions: auth, authentication, password, NextAuth, session, security, login, logout, CSRF, rate limit, token, JWT.
Guidelines and workflows for community moderation, trust & safety, and escalation.
系统加固
使用 @aptx/api-plugin-csrf 添加 CSRF 保护。触发条件:当代码需要在请求中添加 CSRF token、配置 cookie/header 名称、处理 SSR/Node 环境的 cookie 读取、或使用 createCsrfMiddleware 时使用。
Detection and prevention of illegal tax avoidance, Part IVA anti-avoidance triggers, circular arrangements, and sham transactions. Ensures all recommendations are legally defensible and do not constitute tax fraud.
Exploit development expert. Buffer overflow, shellcode, ROP, format strings, binary exploitation. Use for exploit writing and PoC development.
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10.
Conduct Fault Tree Analysis (FTA) to systematically identify and analyze causes of system failures using Boolean logic gates. Top-down deductive method for safety and reliability engineering. Use when analyzing system failures, evaluating safety-critical designs, calculating failure probabilities, identifying minimal cut sets, assessing redundancy effectiveness, or when user mentions "fault tree", "FTA", "system failure analysis", "minimal cut sets", "safety analysis", "failure probability", "AND/OR gates", or needs to trace failure pathways from top event to basic events. Supports qualitative structure analysis and quantitative probability calculations.