Total 50,524 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Manage Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK. Use for listing resources, creating or updating configurations, querying status, and troubleshooting workflows for this product.
Analyze CVE vulnerabilities in Java and JavaScript components, determine false positives, and provide upgrade recommendations. Use this when users provide a CVE number and affected object, e.g., CVE-2024-38816 and spring-webmvc-5.3.39.jar. Supports false positive analysis, compatibility risk assessment, and standard report generation.
This skill should be used when the user asks for "security status", "show findings", "security dashboard", "security posture", or invokes /appsec:status. Shows current security posture overview.
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.
Manage evidence freshness by identifying stale decisions and providing governance actions
Look up IDA SDK API documentation, related APIs, or task workflows
Token and address risk assessment. Use this skill whenever the user asks about token, contract, or address safety. Trigger phrases include: is this token safe, check contract risk, is this address safe, honeypot, rug. MCP tools: info_compliance_check_token_security, info_coin_get_coin_info; Address mode: info_onchain_get_address_info.
Use this skill when managing patents, trademarks, trade secrets, or open-source licensing. Triggers on intellectual property, patents, trademarks, trade secrets, open-source licensing, copyright, IP strategy, license compliance, and any task requiring IP protection or licensing decisions.
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.
3-gate regulatory template orchestrator - manages setup, Gate 1 (analysis), Gate 2 (validation), Gate 3 (generation) for BACEN/RFB compliance.
Gate 2 sub-skill - validates uncertain mappings from Gate 1 and confirms all field specifications through testing.
Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.