Total 43,667 skills, Security & Compliance has 1632 skills
Showing 12 of 1632 skills
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".
SSL/TLS certificates
When the user wants to create, optimize, or structure a Privacy Policy page. Also use when the user mentions "privacy policy," "privacy page," "data protection," or "GDPR compliance."
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
When the user wants to create, optimize, or structure legal pages (Privacy, Terms, etc.). Also use when the user mentions "privacy policy," "terms of service," "legal pages," "cookie policy," "terms and conditions," "legal footer," "legal section," "compliance pages," or "legal requirements."
When the user wants to create, optimize, or audit an affiliate, sponsor, or paid partnership disclosure page. Also use when the user mentions "disclosure," "affiliate disclosure," "sponsored content," "FTC disclosure," or "paid partnership."
Audit, implement, and remediate Digital Personal Data Protection Act 2023 (DPDPA) compliance in any application codebase. Use this skill whenever the user mentions DPDPA, Indian data protection, personal data handling for Indian users, consent management, data breach notification, children's data protection in India, cross-border data transfer from India, privacy policy for Indian apps, Data Fiduciary obligations, Data Principal rights, or compliance auditing for Indian privacy law. Also trigger when the user asks to "audit my app for privacy", "check data protection compliance", "implement consent flows", "add breach notification", "handle children's data", "add data deletion/erasure", "implement right to access", "GDPR equivalent in India", or any task involving personal data processing for users in India. This skill covers code-level implementation, architecture review, compliance auditing with remediation, and organizational/process guidelines that fall outside application code.
Professional Skills and Methodologies for Container Security Testing
Golang Security Auditor
Concurrency exploitation — race conditions, TOCTOU vulnerabilities, and parallel request abuse in web applications.
WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. It can be used for ANY security testing, auditing, or code review of web apps, APIs, or business systems, even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, vulnerability mining, privilege escalation, logic vulnerability, business security, SRC, code audit. It also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "help me test this interface", "can this parameter be modified", "help me find bugs".