Total 50,524 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Assign vulnerability owners at scale using conviso-cli with mapping-driven rules, preview-first execution, and explicit apply confirmation.
Generate security fixes from detect-dev findings with regression tests. Use when remediating security vulnerabilities.
Ghost Security - Secrets and credentials scanner. Scans codebase for leaked API keys, tokens, passwords, and sensitive data. Detects hardcoded secrets and generates findings with severity and remediation guidance. Use when the user asks to check for leaked secrets, scan for credentials, find hardcoded API keys or passwords, detect exposed .env values, or audit code for sensitive data exposure.
Multi-cloud security assessment skill for AWS, Azure, and GCP. This skill should be used when performing cloud security audits, scanning for misconfigurations, testing IAM policies, auditing storage permissions, and identifying privilege escalation paths. Triggers on requests to audit cloud security, scan AWS/Azure/GCP, check cloud misconfigurations, or perform cloud penetration testing.
Performs requirement checks and compliance diagnostics for excellent electronic books. Activate with keywords such as "Excellent Electronic Books", "Compliance with Electronic Bookkeeping Law", "Requirement Confirmation for Electronic Books", "Preparation for Tax Audits", "Conditions for the 750,000 Yen Deduction", "Do the Books Meet Requirements?", or "e-bookkeeping compliance".
This skill should be used when the user asks to "run PASTA analysis", "PASTA threat model", "risk-centric threat analysis", or invokes /appsec:pasta. Dispatches 7 stages SEQUENTIALLY -- each stage's output feeds the next. This is the ONLY framework that runs sequentially.
This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.
This skill should be used when the user asks to "check for non-repudiation privacy risks", "analyze excessive audit logging", "find privacy issues related to accountability", "check for forced identity linking", or mentions "non-repudiation" in a privacy context. Maps to LINDDUN category N. This is the INVERSE of STRIDE repudiation -- here too much proof is the threat.
Drafts U.S. regulatory client advisory summaries translating legal developments into actionable risk and compliance guidance. Use when a client needs a proactive memo, client alert, or legal-update brief for a new law, case, rulemaking, agency guidance, or pending reform. Trigger on requests for "client advisory," "regulatory update," "legal alert," "compliance briefing," "new law summary," or "quarterly advisory."
Java security checklist covering OWASP Top 10, input validation, injection prevention, and secure coding. Works with Spring, Quarkus, Jakarta EE, and plain Java. Use when reviewing code security, before releases, or when user asks about vulnerabilities.
Audit content and assets for brand compliance — style guide validation, tone of voice checking, visual identity consistency, brand asset management, and cross-channel coherence.
12 production-ready regulatory affairs and quality management skills for HealthTech/MedTech: ISO 13485 QMS, MDR 2017/745, FDA 510(k)/PMA, ISO 27001 ISMS, GDPR/DSGVO compliance, risk management (ISO 14971), CAPA, document control, and internal auditing. Python tools included (all stdlib-only). Works with Claude Code, Codex CLI, and OpenClaw.