Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Agent skill for v3-security-architect - invoke with $agent-v3-security-architect
Cloudmersive integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cloudmersive data.
Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.
Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.
Nessus integration. Manage data, records, and automate workflows. Use when the user wants to interact with Nessus data.
Test Android apps on a rooted device. Decompile APKs, intercept traffic, parse UI, test for IDORs, bypass SSL pinning, hook methods with Frida, inspect exported components, read local storage, and find sensitive data. Use when asked to "test this app", "find bugs", "pentest", "reverse engineer", "decompile", "intercept requests", "check for IDORs", "bypass cert pinning", "hook this method", or "check deeplinks".
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
Analyze intellectual property rights across patents, trademarks, copyrights, and trade secrets. Use this skill when the user needs to understand IP protection options, evaluate whether their work is protectable, assess infringement risk, or design an IP strategy — even if they say 'can I patent this', 'someone copied our design', 'how do we protect our brand name', or 'what IP do we have'.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.
Investigates completed DEX sandwich-style MEV from public blocks and bundles—front-victim-back ordering on EVM and Solana, Jito bundle traces, swap decoding, victim slippage vs searcher profit estimates, and evidence-style case studies. Use when the user asks for sandwich attack analysis, MEV sandwich post-mortems, high-slippage swap forensics, or searcher clustering—not for building sandwich bots, mempool manipulation for profit, or harassing labeled wallets.
Points to the coral-xyz sealevel-attacks repository—minimal Anchor programs demonstrating common Solana (Sealevel) exploit patterns and recommended mitigations. Use when auditing or learning Solana program security, pairing with solana-defi-vulnerability-analyst-agent—not for deploying attacks against live systems or evading law.
Early rug-risk triage for token launches and small DeFi deployments from public data—liquidity lock and pool events, dev and sniper wallet clustering, contract authority and transfer-risk checks, coordinated exits, and evidence-backed risk scores. Use when the user asks for rug pull detection, pump-and-dump signals, launch red flags, LP removal forensics, or cross-chain profit exit tracing—not for front-running trades, harassing teams, or certifying scams without on-chain proof.