Total 50,524 skills, Security & Compliance has 1973 skills
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.
Apply the firm's KYC/AML rules grid to a parsed onboarding record — assign a risk rating, list every rule outcome with the rule cited, and flag what's missing or escalation-worthy. Use after kyc-doc-parse; this skill decides nothing, it scores and routes.
Use when the user asks to audit a Solana or Anchor codebase, explain report-backed Solana vulnerability classes, review signer or PDA bugs, analyze CPI trust boundaries, assess Token-2022 integrations, digest a public Solana audit report, investigate an exploit path, or generate audit-readiness and release-blocker checklists.
Run the participant-facing CTFd CLI directly from its Git repository with uvx. Use when an agent needs to list or inspect CTFd challenges, view hints or the scoreboard, inspect the current user's solves and submissions, submit a flag, or unlock a hint without installing the ctfd package globally.
The method for finding the gap between what a system is supposed to do and what the code actually does — the class of bug generic scanners miss because they have no model of intent. Defines what counts as documented intent, what counts as implementation evidence, which mismatches matter, and how to avoid hand-wavy findings. Use when auditing AI-built code, reviewing access control against documented permissions, or checking whether a codebase matches its own documentation.