Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled destinations.
Verify supply chain integrity for AI agent plugins, tools, and dependencies. Use this skill when: - Generating SHA-256 integrity manifests for agent plugins or tool packages - Verifying that installed plugins match their published manifests - Detecting tampered, modified, or untracked files in agent tool directories - Auditing dependency pinning and version policies for agent components - Building provenance chains for agent plugin promotion (dev → staging → production) - Any request like "verify plugin integrity", "generate manifest", "check supply chain", or "sign this plugin"
Faraday integration. Manage Organizations. Use when the user wants to interact with Faraday data.
This skill should be used when the user asks to "plan a red team engagement", "scope a penetration test", "design a security assessment methodology", "create rules of engagement", or "plan an adversary simulation".
When the user wants to optimize pharmaceutical supply chains, manage cold chain logistics, ensure regulatory compliance, or implement serialization. Also use when the user mentions "pharma supply chain," "GMP compliance," "cold chain," "drug serialization," "clinical trials logistics," "pharmaceutical distribution," "good distribution practices," "GDP," "drug safety," or "pharmaceutical quality." For general healthcare, see hospital-logistics. For clinical trials specifically, see clinical-trial-logistics.
Navigate Taiwan healthcare regulations including NHI system, medical device classification, drug registration, telemedicine rules, and health data protection. Use this skill when the user is building a health tech product for Taiwan, needs to understand NHI, evaluate medical device regulatory pathways, or assess telemedicine compliance — even if they say 'sell a medical device in Taiwan', 'how does NHI work', 'telemedicine regulations', or 'health data privacy in Taiwan'.
Guides Solana-specific on-chain forensics—ATA resolution, SPL instruction parsing, transaction history via RPC and indexers (e.g. Helius-style APIs), fund-flow graphs, Solana clustering heuristics, and program authority review. Use when the user investigates Solana wallets, SPL tokens, DEX/Jito flows, rug or phishing patterns on Solana, or needs evidence-structured tracing reports with public data only.
Investigates completed flash-loan and atomic DeFi incidents across EVM and Solana from public txs—borrow-execute-repay fingerprints, oracle/pool/governance vectors, full trace reconstruction, impact quantification, and mitigations. Use when the user asks for flash loan exploit analysis, atomic attack post-mortems, large-borrow suspicious tx triage, or evidence-structured case studies from explorer data and read-only simulation—not for designing new attacks on live protocols.
Guides discovery and documentation of Solana DeFi protocol risks from public code and chain state—Anchor/native programs, PDAs, CPIs, oracles, pools, SPL mechanics, and historical tx reconstruction. Use when the user asks for Solana program security review, DeFi vulnerability triage, PDA or CPI safety, oracle or liquidity-pool risk, launchpad/bonding-curve issues, or evidence-backed severity findings without exploits or private keys.
Git security scanner with secret detection, commit validation, and pre-commit hooks. Inspired by ZeroClaw's gitleaks integration.
Use when storing credentials securely, encrypting data, implementing passkeys, code signing, or managing certificates and provisioning profiles.
Three-layer security ecosystem for Agent Platforms covering pre-deployment skill auditing, real-time message protection (adaptive-guard), and continuous adaptive defense. Coordinates security-auditor and adaptive-guard. Trigger on 'security ecosystem', 'agent security', 'skill protection', or 'runtime defense'.