Total 50,524 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Advise startup founders on choosing the best jurisdiction and legal entity for their business. Triggers when users ask about where to incorporate, which state/country to register a company, choosing between Delaware vs other states, offshore vs US incorporation, entity types (C-Corp, LLC, PBC), or jurisdiction selection for specific industries (crypto, AI, SaaS, GameDev, solopreneurs). Also triggers for questions about startup formation, company registration, or corporate structure decisions.
Exploit development workflow. Use when: write exploit, PoC, payload, shellcode, bypass, buffer overflow, RCE, reverse shell.
Use when user needs security incident response, operational incident management, evidence collection, forensic analysis, or coordinated response for outages and breaches.
Content Risk Management - Prevent, Identify and Address Various Risks in Account Operation
Check for security risks in Skills/code repositories. When the user wants to check if a skill, GitHub repository, npm package, or local code is safe to download or use. This includes detecting malicious code, malware, key stealing, environment variable modification, suspicious network behavior, and evaluating repository reputation (stars, forks, contributors, age). Use this skill whenever the user mentions checking skills for security risks, scanning repositories for malware, verifying code safety, checking npm packages for threats, or asking if a download is safe.
Rust CESR primitives library for KERI protocol. Auto-activates when working with cesride imports, Matter/Indexer traits, CESR primitive types (Verfer, Diger, Signer, Salter, Siger, Cigar), Serder/Sadder serialization, or Rust CESR encoding/decoding. Covers the full API: primitive construction, cryptographic operations, SAD serialization, threshold logic, and error handling. Defers to cesr/spec/acdc for protocol theory; focuses on Rust API specifics.
MANDATORY when touching auth tables, tenant isolation, RLS policies, or multi-tenant database code - enforces Row Level Security best practices and catches common bypass vulnerabilities
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences that exercise API endpoints, discover producer-consumer dependencies between requests, and find security and reliability bugs. The tester compiles an OpenAPI specification into a RESTler fuzzing grammar, configures authentication, runs test/fuzz-lean/fuzz modes, and analyzes results for 500 errors, authentication bypasses, resource leaks, and payload injection vulnerabilities. Activates for requests involving API fuzzing, RESTler testing, stateful API testing, or automated API security scanning.
Use this skill when drafting offer letters, handling terminations, classifying workers, or creating workplace policies. Triggers on offer letters, termination process, contractor vs employee, workplace policies, employment agreements, severance, non-compete, and any task requiring employment law guidance or HR legal compliance.
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
SOC 2 Type I and Type II compliance management. Use when conducting SOC 2 readiness assessments, performing gap analysis against Trust Services Criteria, collecting audit evidence, validating infrastructure security controls, preparing for CPA firm audits, managing the observation period, or building continuous compliance programs. Covers all TSC categories (CC1-CC9, A1, PI1, C1, P1) with infrastructure validation for cloud, DNS, TLS, endpoints, and CI/CD pipelines.
Clarity smart contract security audit — structured review covering correctness, security vulnerabilities, design concerns, and deployment readiness.