Total 50,524 skills, Security & Compliance has 1973 skills
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for OAuth, OIDC, redirect flows, state or nonce handling, PKCE, token exchange, refresh logic, claim mapping, and accepted login paths. Use when the user asks to trace redirects, callback parameters, scopes, state, nonce, PKCE, refresh tokens, consent, or explain how an OAuth or OIDC chain turns into accepted identity or privilege. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Alibaba Cloud Security Center (SAS) Overview Data Query Skill. Retrieves security score, asset status, risk governance, asset risk trends, and billing info. Supports flexible scope: query a single data item, a specific module, or the full overview based on user intent. Triggers: "SAS overview", "security center overview", "SAS 总览", "云安全中心总览", "security score", "安全评分", "安全分", "vulnerability fix", "baseline risk", "handled alerts", "host assets", "uninstalled clients", "risk governance", "WAF blocks", "asset risk trend", "SAS billing", "订阅状态", "账单". Out of scope: This Skill only covers SAS overview data queries. It does not perform remediation, modify configurations, or manage non-SAS services.
Generate comprehensive compliance reports for security standards. Use when creating compliance documentation. Trigger with 'generate compliance report', 'compliance status', or 'audit compliance'.
NoSQL injection playbook. Use when MongoDB-style operators, JSON query objects, flexible search filters, or backend query DSLs may allow data or logic abuse.
Deep codebase analysis for building architectural context before vulnerability or bug finding. Uses line-by-line analysis with First Principles, 5 Whys, and 5 Hows. Use when deep comprehension is needed before security auditing, architecture review, or threat modeling.
Guides DeFi protocol security review and rug-risk assessment from public chain data, verified source, and historical patterns—covering EVM and Solana-style deployments, liquidity and tokenomics, governance centralization, bridges, exploit pattern matching, and evidence-structured audit reports. Use when the user asks for a DeFi security audit, rug risk analysis, contract vulnerability triage, LP lock verification, governance or upgrade risk, or cross-chain bridge review from observable data only.
Points to Christoph Michel’s (cmichel.io) long-form guide on becoming a smart contract security auditor—EVM-centric learning path, CTFs, canonical DeFi contracts, finance basics, and an FAQ (tools, scoping, compensation). Use when the user asks how to start in Solidity/EVM auditing or cites this article—not as current salary data, job placement advice, or a substitute for hands-on practice and primary documentation.
Secure command execution sandbox with approval workflows, dangerous command detection, allowlisting, and audit logging. Runs commands in restricted environments with safety guardrails.
Run sustainability pre-screening and audit workflows so plans meet environmental, social, governance, and funder-readiness standards.
Privacy-by-design analytics setup for clients operating under Uganda's Data Protection and Privacy Act 2019, Kenya's Data Protection Act 2019, and international frameworks (GDPR, CCPA). Covers cookie consent implementation, GA4 privacy configuration, data minimisation, and WhatsApp data governance. Invoke when setting up GA4 for a new client, configuring cookie consent banners, advising on analytics data governance, or when a client asks about data protection compliance for their digital channels. Does not replace legal counsel — flags compliance requirements and provides implementation guidance.
Analyzes and enforces security protocols on the skill ecosystem. Operates via Audit, Guard, and Trust modes to prevent malicious commands, PII leakage, and excessive permissions.
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy to demonstrate man-in-the-middle risks, test network detection capabilities, and validate ARP inspection countermeasures.