Total 43,575 skills, Security & Compliance has 1631 skills
Showing 12 of 1631 skills
Use this skill when designing data schemas, implementing sharing workflows, or auditing access control in Jazz applications. It covers the hierarchy of Groups, Accounts, and CoValues, ensuring data is private by default and shared securely through cascading permissions and invitations.
Modern application security patterns aligned with OWASP Top 10:2025 (final), OWASP API Security Top 10 (2023), NIST SSDF, zero trust (incl. NSA ZIGs 2026), supply chain security (SBOM), passkeys/WebAuthn, authentication, authorization, input validation, cryptography, plus security ROI, breach cost modeling, and compliance-driven enterprise sales.
Performs initial binary triage by surveying memory layout, strings, imports/exports, and functions to quickly understand what a binary does and identify suspicious behavior. Use when first examining a binary, when user asks to triage/survey/analyze a program, or wants an overview before deeper reverse engineering.
Apply layered security architecture. Use when designing security controls, hardening systems, or reviewing security posture. Covers multiple security layers.
Scans source code, configuration files, and git history for hardcoded credentials, API keys, and tokens. Use when auditing repositories for security leaks or ensuring sensitive data is not committed to version control.
Adversarial security audit playbook for Plutus V3 Aiken DEX contracts (threat model, invariants, findings, tests, tx repro shapes).
Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples:
- user: "Audit FastAPI route security" → check for Depends() and Security() usage
- user: "Check FastAPI CORS setup" → verify origins when allow_credentials=True
- user: "Review FastAPI middleware" → check TrustedHost and HTTPSRedirect config
- user: "Secure FastAPI API keys" → move from query params to header schemes
- user: "Scan for FastAPI footguns" → check starlette integration and dependency order
Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.
This skill should be used when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, or reviewing dependency security. Provides OWASP patterns, CWE analysis, and threat modeling guidance.
Calculate cryptographic hashes (MD5, SHA1, SHA256, SHA512) for text and files. Compare hashes, verify integrity, and batch process directories.
Run an OWASP ZAP baseline security scan locally using Docker. Checks for the ZAP baseline script, executes the scan, and summarizes findings by risk level with remediation recommendations.
Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.