Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Automated WeChat mini-program security auditing framework using Claude Code Agent Teams with 7 specialized agents for comprehensive static analysis
Ensure investment advertising and marketing materials comply with SEC Marketing Rule and FINRA Rule 2210. Use when the user asks about performance advertising, showing backtested or hypothetical returns, net vs gross performance presentation, client testimonials or endorsements in marketing, social media posts by advisers or reps, third-party ratings in pitchbooks, or advertising recordkeeping. Also trigger when users mention 'can we show this track record', 'pitchbook compliance review', 'marketing rule violations', 'cherry-picking performance periods', 'predecessor performance portability', 'extracted performance', or ask whether a website, one-pager, or presentation needs compliance approval.
Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category.
This skill should be used when the user asks for a cryptographer, cryptography review, help to choose a cipher (AES-GCM, ChaCha20-Poly1305, ECDH, RSA tradeoffs), key management, PKI design, TLS configuration, protocol security or handshake review, authenticated encryption, digital signature scheme design, post-quantum migration at architecture level, ProVerif or Tamarin modeling concepts, nonce reuse or IV misuse analysis, HKDF vs password hashing (Argon2), HSM or KMS usage patterns, secure randomness, side-channel and constant-time requirements, or cryptographic agility and algorithm deprecation—not general OWASP web app review only (information-security-engineer), secure coding checklists without crypto depth, Solidity or smart contract audits, blockchain wallet tracing, legal export classification, or shipping custom production crypto without design and review gates.
Guides corporate legal support—entity structure, board and stockholder governance, corporate resolutions and minutes, equity and cap table mechanics, corporate policies, intercompany arrangements, and corporate closing checklists for financings or M&A. Use when drafting board materials, reviewing governance documents, entity formation or subsidiary setup, stockholder consents, option plan mechanics, D&O considerations at checklist level, or corporate approval packages—not for B2B MSAs and vendor/customer redlines (commercial-counsel), SOC/ISO evidence (compliance-engineer), tax/accounting treatment (senior-revenue-accountant), or employee HRIS and lifecycle operations (people-operations-specialist). For live deal execution—diligence coordination, closing matrix, signing, funds flow—use transaction-manager. For deal thesis, valuation, and negotiation mandate, use transaction-principal. Output is drafting assistance; human counsel must approve binding actions.
Review a Data Processing Agreement against your DPA playbook — auto-detects whether you're processor or controller and applies the right half of the playbook. Use when the user says "review this DPA", "check this data processing addendum", "customer sent their DPA", "is this DPA okay", or attaches a DPA.
PreToolUse security-anti-pattern hook for Claude Code. Catches 12 common security risks (command injection, XSS, SQL injection, unsafe deserialization, GitHub Actions workflow injection, eval/new Function code injection) BEFORE the Edit/Write/MultiEdit operation completes. Session-state caching prevents duplicate warnings on the same file+rule combo. Stdlib only — no dependencies. Use when you want a safety net during Claude Code sessions that touch security-sensitive code (auth, payments, user input handling, IaC). Disable with ENABLE_SECURITY_REMINDER=0 if you need to perform a verified-safe operation that would otherwise trip a pattern. Triggers — "add security hook", "block unsafe code", "detect command injection before write", "prevent SQL injection patterns", "security warning hook".
Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls.
Security & compliance skill suite for OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response workflows
Analyze and understand malware distribution tactics, cracked software risks, and security threat detection patterns
Expert guidance on securing npm packages, preventing supply chain attacks, and hardening package manager configurations