Total 43,773 skills, Security & Compliance has 1635 skills
Showing 12 of 1635 skills
Harden configuration and defaults for safer deployment. Use when a mid-level developer needs to reduce misconfig risks.
Senior Data Security Architect & Forensic Auditor for 2026. Specialized in Row Level Security (RLS) enforcement, Zero-Trust database architecture, and automated data access auditing. Expert in neutralizing unauthorized access in Convex, Supabase, and Postgres environments through strict policy validation, JIT (Just-in-Time) access controls, and forensic trace analysis.
Configure Sentry security settings and data protection. Use when setting up data scrubbing, managing sensitive data, or configuring security policies. Trigger with phrases like "sentry security", "sentry PII", "sentry data scrubbing", "secure sentry".
Implement field-level encryption with @cipherstash/stack. Covers schema definition, encrypt/decrypt operations, searchable encryption (equality, free-text, range, JSON), bulk operations, model operations, identity-aware encryption with LockContext, multi-tenant keysets, and the full TypeScript type system. Use when adding encryption to a project, defining encrypted schemas, or working with the CipherStash Encryption API.
This skill should be used when users want to migrate from .env files to fnox with 1Password (or another secret provider). It covers installing fnox, creating 1Password items, configuring fnox.toml, and integrating with mise. Use when users mention ".env migration", "fnox setup", "1password secrets", or want to improve their secret management workflow.
Database security auditor specialized in Row Level Security (RLS) enforcement, Zero-Trust database architecture, and forensic audit trails. Covers Supabase RLS policies, Postgres security, Convex auth guards, PGAudit configuration, JIT access controls, and database-specific compliance validation. Use when auditing database access policies, implementing RLS in Supabase or Postgres, configuring Convex auth guards, setting up audit logging, reviewing database security, or validating database-level compliance requirements.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Expert guide for the Osmedeus security automation workflow engine. Use when: (1) writing or editing YAML workflows (modules and flows), (2) running osmedeus CLI commands (scan, workflow management, installation, server), (3) configuring steps, runners, triggers, or template variables, (4) debugging workflow execution issues, (5) building security scanning pipelines, (6) working with agent/LLM step types, or (7) any question about osmedeus features, architecture, or best practices.
Ensures baseline security practices are followed in the project. Use this when asked to perform a security audit on the codebase. Automatically creates Jira stories for each security finding.
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vu...
Implement FedRAMP requirements for federal cloud services. Configure NIST 800-53 controls and continuous monitoring. Use when providing cloud services to US federal agencies.
Implement SOC 2 Trust Services Criteria. Configure security, availability, and processing integrity controls. Use when achieving SOC 2 certification.