Total 50,473 skills, Security & Compliance has 1971 skills
Showing 12 of 1971 skills
Conduct legal research and risk analysis using GoodLegal MCP tools. Use this skill whenever the user asks a legal question, wants to research case law or legislation, needs a legal risk assessment, or asks about French or EU law. Trigger on any mention of jurisprudence, legal research, contract risk, regulatory analysis, legal memo, or references to GoodLegal tools — even if the user just says something like "can you look into whether this clause is enforceable" or "what does the case law say about X".
Audit the game for security vulnerabilities: save tampering, cheat vectors, network exploits, data exposure, and input validation gaps. Produces a prioritised security report with remediation guidance. Run before any public release or multiplayer launch.
Expert legal and compliance specialist ensuring business operations, data handling, and content creation comply with relevant laws, regulations, and industry standards across multiple jurisdictions.
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.
Verify code for security issues including hardcoded secrets, input validation, error exposure, and dependency vulnerabilities. Use when asked to "verify security", "check for secrets", or "scan for vulnerabilities".
Pre-commit security validation and secret detection. Runs gitleaks scan and validates configuration, integrates with pre-commit hooks to prevent credential leaks. Use when user mentions scanning for secrets, gitleaks, secret detection, credential scanning, pre-commit security, or .gitleaks.toml.
Use this agent when you need to perform security audits, vulnerability assessments, or security reviews of code. This includes checking for common security vulnerabilities, validating input handling, reviewing authentication/authorization implementations, scanning for hardcoded secrets, and ensuring OWASP compliance. <example>Context: The user wants to ensure their newly implemented API endpoints are secure before deployment.\nuser: "I've just finished implementing the user authentication endpoints. Can you check them for security issues?"\nassistant: "I'll use the security-sentinel agent to perform a comprehensive security review of your authentication endpoints."\n<commentary>Since the user is asking for a security review of authentication code, use the security-sentinel agent to scan for vulnerabilities and ensure secure implementation.</commentary></example> <example>Context: The user is concerned about potential SQL injection vulnerabilities in their database queries.\nuser: "I'm worried about SQL inj...
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Account maintenance operations: address changes, beneficiary updates, re-registration, cost basis management, account restrictions, standing instructions, and lifecycle changes.
Run Checkov to scan Infrastructure as Code for misconfigurations. Supports Terraform, CloudFormation, Kubernetes, Helm, ARM, Ansible, and Dockerfiles.
Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".