Total 44,738 skills, Security & Compliance has 1683 skills
Showing 12 of 1683 skills
Generate secure passwords and secrets. Use when: user needs to create secure passwords, API keys, tokens, or cryptographic random strings.
Secure command execution sandbox with approval workflows, dangerous command detection, allowlisting, and audit logging. Runs commands in restricted environments with safety guardrails.
Git security scanner with secret detection, commit validation, and pre-commit hooks. Inspired by ZeroClaw's gitleaks integration.
CCPA and CPRA privacy compliance automation. Audits organizations for California privacy law compliance, maps personal information flows, validates consumer rights readiness, and checks technical safeguards. Use for CCPA compliance assessments, CPRA readiness checks, privacy policy review, consumer rights handling, data mapping, and California privacy audits.
.NET and ASP.NET Core security patterns. Covers Identity, authentication, dependency auditing, secure coding practices, and OWASP for .NET ecosystem. USE WHEN: user works with "C#", ".NET", "ASP.NET Core", "Entity Framework", asks about ".NET vulnerabilities", "NuGet security", ".NET authentication", "Blazor security" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Java/Python security - use language-specific skills
Analyzes and enforces security protocols on the skill ecosystem. Operates via Audit, Guard, and Trust modes to prevent malicious commands, PII leakage, and excessive permissions.
Use this skill when you need to protect your Xiaohongshu account from hacking, unauthorized access, suspension, or other security threats
Analyze terms of service and privacy policies to identify concerning clauses, hidden permissions, and user rights implications
MUST be used whenever reviewing a Dune app for security issues, or before shipping any feature that handles credentials, user input, or external data. Do NOT skip this when the user asks for a security review, security audit, or vulnerability check — run every step in order. Triggers: security, security review, security audit, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts. Uses pandas for statistical analysis of request patterns and anomaly detection. Use when investigating API abuse or building API-specific threat detection rules.
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
Citadel ID integration. Manage data, records, and automate workflows. Use when the user wants to interact with Citadel ID data.