Total 50,472 skills, Security & Compliance has 1969 skills
Showing 12 of 1969 skills
Pliance integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pliance data.
Cobalt integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cobalt data.
Classical cipher analysis playbook. Use when encountering substitution ciphers, Vigenere, transposition, XOR, or encoded text in CTF challenges that requires frequency analysis, Kasiski examination, or known-plaintext cryptanalysis.
Windows lateral movement playbook. Use when pivoting between Windows hosts via PsExec, WMI, WinRM, DCOM, RDP, pass-the-hash, overpass-the-hash, or pass-the-ticket techniques.
NTLM relay and authentication coercion playbook. Use when capturing and relaying NTLM authentication to escalate privileges via SMB, LDAP, HTTP, or MSSQL relay targets, combined with PetitPotam, PrinterBug, and other coercion methods.
AI/ML security playbook. Use when assessing model supply chain attacks (pickle RCE, poisoned weights), adversarial examples, model poisoning, model stealing, data privacy attacks (membership inference, model inversion), and autonomous agent security risks.
Browser and V8 exploitation playbook. Use when exploiting JavaScript engine vulnerabilities including JIT type confusion, incorrect bounds elimination, and V8 sandbox bypass to achieve renderer RCE and sandbox escape in Chrome/Chromium.
Mobile SSL pinning bypass playbook. Use when intercepting HTTPS traffic from mobile applications that implement certificate pinning, public key pinning, or SPKI hash pinning on Android and iOS, including React Native, Flutter, and Xamarin frameworks.
Create security architecture diagrams using PlantUML syntax with identity, encryption, firewall, and compliance stencil icons. Best for IAM flows, zero-trust architectures, encryption pipelines, compliance auditing, and threat detection. NOT for general cloud infra (use cloud skill) or simple flowcharts (use mermaid).
Use this skill to remediate security findings by producing minimal, surgical code patches. Triggers on 'patch security findings', 'fix vulnerabilities', 'remediate findings', 'threat patch', or when the user provides a findings.json (from threat-model), a Codex security findings CSV, a THREAT-MODEL.md, or individual vulnerability descriptions and wants them fixed. Also trigger when reviewing code flagged by a security scanner and the user wants actionable fixes rather than just reports.
Contrast Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Contrast Security data.
Security audit and vulnerability scanning for AI agent skills before installation. Detects prompt injection in SKILL.md files, dangerous code patterns (eval, exec, subprocess), network exfiltration, credential harvesting, dependency supply chain risks, file system boundary violations, and obfuscation. Produces PASS/WARN/FAIL verdicts with remediation guidance. Use when evaluating untrusted skills, pre-install security gates, or auditing skill repositories.