Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Determine when a product, platform, or communication crosses the regulatory line from education into investment advice requiring registration. Use when the user asks about the definition of investment advice under the Advisers Act, whether a fintech feature or AI chatbot constitutes advice, the publisher's exclusion for newsletters or model portfolios, broker-dealer solely incidental exclusion, what triggers a 'recommendation' under Reg BI, or DOL education vs advice safe harbors. Also trigger when users ask 'do I need to register as an investment adviser', 'does this app give investment advice', 'is this tool just education or advice', 'robo-adviser registration', or 'disclaimer language for financial content'.
Manage regulatory requirements, number bundles, supporting documents, and verified numbers for compliance. This skill provides REST API (curl) examples.
10DLC brand and campaign registration for US A2P messaging compliance. Assign phone numbers to campaigns.
Audit and harden authentication code for security best practices. Use when the user wants to check their auth implementation for vulnerabilities, harden session handling, fix credential storage, or apply OWASP-recommended security patterns.
Nostr Web of Trust — trust scoring and sybil detection for Nostr pubkeys. Free tier (wot.klabo.world, 50 req/day) with paid fallback (maximumsats.com, 100 sats via L402). Covers 52K+ pubkeys and 2.4M+ zap-weighted trust edges.
Produce a report-only HIPAA, PHI, and PII audit for healthcare codebases and delivery systems. Inspects code, configs, data flows, integrations, logging, and deployment boundaries for privacy and security gaps without modifying code.
Use this skill when the user wants to check if their system is affected by the axios npm supply chain attack (March 31, 2026), scan for malicious axios versions (1.14.1, 0.30.4), check for malware artifacts, or audit package manager security settings (pnpm, npm, bun, yarn) for protections against supply chain attacks. Trigger on phrases like "axios vulnerability", "axios supply chain", "check if affected by axios", "scan for axios malware", or "package manager security audit".
Open Source License guidance, selection, compliance review, and drafting. Use this skill when users ask about choosing open source licenses, checking license compatibility, reviewing projects for OSS compliance, generating LICENSE/NOTICE files, or understanding specific license terms. Triggers include questions about MIT, Apache, GPL, BSD, LGPL, AGPL, MPL, copyleft, permissive licenses, license compatibility, SPDX identifiers, 木兰宽松许可证, Mulan PSL v2, or any OSS licensing topic.
Phase skill for evidence extraction, replay expectations, and audit of generated planning artifacts.
Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify malicious functionality including data theft, C2 communication, privilege escalation, and overlay attacks. Examines manifest permissions, receivers, services, and native libraries. Activates for requests involving Android malware analysis, APK reverse engineering, mobile malware investigation, or Android threat analysis.
Guide the design and implementation of automated pre-trade compliance systems that validate orders before execution. Use when building a compliance rule engine for an RIA or broker-dealer, configuring hard blocks and soft blocks, maintaining restricted and watch lists including MNPI-driven restrictions, setting concentration limits at security/sector/issuer level, implementing position limits or short selling controls, enforcing wash sale detection or free-riding prevention or pattern day trader identification, applying client-specific ESG screens or legal constraints, designing compliance override workflows with authorization and documentation, backtesting compliance rules, or evaluating compliance check latency impact on execution quality.
Guide post-trade compliance monitoring and trade surveillance system design. Use when building alert logic to detect churning, front-running, cherry-picking, layering, spoofing, wash trading, or marking the close, implementing post-trade best execution review, evaluating allocation fairness with pro-rata verification or dispersion analysis, designing exception-based monitoring workflows with escalation paths, correlating trading with MNPI events for insider trading detection, building personal trading surveillance for preclearance and blackout enforcement, determining SAR or blue sheet or CAT reporting triggers, or tuning surveillance thresholds to reduce false positives. Also covers turnover ratios, cost-to-equity ratios, and investigation case management.