Total 50,402 skills, Security & Compliance has 1967 skills
Showing 12 of 1967 skills
Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.
Use when configuring Fnox secrets management with fnox.toml. Covers file structure, secrets definition, profiles, and hierarchical configurations.
Read/write config files (.env, YAML, TOML, JSON, docker-compose, etc.) safely. Use this instead of Read/Write/Edit tools whenever touching config files that may contain API keys, tokens, passwords, or other secrets — it auto-detects and redacts them.
Run Schemathesis for property-based API security testing. Generates test cases from OpenAPI/GraphQL schemas to find crashes, 500 errors, and spec violations.
Security hardening and secure coding practices. Use when user asks to "harden security", "secure coding", "OWASP vulnerabilities", "input validation", "sanitization", "SQL injection prevention", "XSS protection", "CORS security", "secure headers", "vulnerability scanning", or mentions security best practices and threat mitigation.
When the user wants to create, optimize, or structure Privacy Policy page. Also use when the user mentions "privacy policy," "privacy page," "data protection," or "GDPR compliance."
Review legal documents as an experienced attorney. Analyzes contracts, ToS, privacy policies, NDAs, and corporate docs section-by-section. Identifies risks, gaps, and unfavorable terms with specific replacement text for problematic clauses.
Full Caido SDK integration for Claude Code. Search HTTP history, replay/edit requests, manage scopes/filters/environments, create findings, export curl commands, and control intercept - all via the official @caido/sdk-client. PAT auth recommended.
Use this skill whenever the user asks for a security analysis, vulnerability assessment, security audit, or any form of Security Assessment Report (SAR) over a codebase, infrastructure, API, database, or system. Triggers include: "audit my code", "find security issues", "run a security check", "generate a SAR", "check for vulnerabilities", "is this code secure", or any request that involves evaluating the security posture of a project. Also triggers when the user uploads or references source code, config files, environment variables, or architecture diagrams and asks for a security opinion. Do NOT use for generic coding tasks, code reviews focused on quality rather than security, or performance optimization unless a security angle is explicitly present.
Use when writing Roblox game scripts that handle player actions, currencies, stats, damage, or any RemoteEvent/RemoteFunction communication. Use when reviewing code for exploitable patterns, implementing anti-cheat logic, validating client requests on the server, or setting up rate limiting.
This skill covers designing and implementing security zones and conduits for industrial automation and control systems (IACS) per IEC 62443-3-2. It addresses zone partitioning based on risk assessment, assigning Security Level targets (SL-T), designing conduit security controls, implementing microsegmentation with industrial firewalls, and validating zone architecture through traffic analysis and penetration testing against the Purdue Reference Model.
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.