Total 50,483 skills, Security & Compliance has 1971 skills
Showing 12 of 1971 skills
Financial regulatory knowledge base — A-shares (10% / 5% ST price limits, T+1 settlement, short-selling rules, new delisting rules), HK (T+0 short-selling, no price limits, odd-lot / grey market, profit test, insider dealing ordinance), US (PDT rule $25k threshold, Reg T margin, circuit breakers, SEC rules), crypto regulation, cross-border tax basics. Triggers: "监管规则", "涨跌停", "T+1", "融券", "退市", "做空规则", "PDT规则", "熔断", "保证金", "印花税", "監管規則", "漲跌停", "融券", "退市", "做空規則", "PDT規則", "熔斷", "保證金", "印花稅", "regulatory rules", "circuit breaker", "short selling rules", "PDT rule", "margin requirements", "stamp duty", "delisting rules", "trading rules", "settlement rules".
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.
Comprehensive security review framework for AI agents to audit skills, repositories, URLs, on-chain addresses, and services in adversarial environments
Guides compliance with Brazil's Lei Geral de Proteção de Dados (LGPD, Lei 13.709/2018). Covers the 10 lawful bases under Art. 7, DPO appointment, ANPD enforcement, data subject rights under Arts. 17-22, and international transfer mechanisms. Keywords: LGPD, Brazil data protection, ANPD, lawful bases, data subject rights, international transfers.
Interact with the Infisical REST API to manage secrets, projects, environments, machine identities, and more. Supports secret CRUD operations, machine identity authentication, pagination, and rate limiting on cloud deployments.
Guide identification, measurement, and management of operational risk in trading and brokerage operations. Use when designing trade error detection and correction procedures, investigating trade breaks and reconciliation failures, classifying loss events under Basel taxonomy, developing key risk indicators (KRIs) and dashboards, responding to system outages or data feed failures or order routing errors, conducting root cause analysis after a trade error or settlement fail, planning business continuity and disaster recovery for trading desks, preparing for FINRA or SEC operational risk examinations, or assessing technology risk in OMS and market data systems. Also covers fat-finger errors, error account P&L, and corrective action tracking.
Re-source IDA binaries. Use when asked for recursive annotation, structure recovery, type reconstruction, or bottom-up program understanding.
Triage and audit IDA binaries. Use when asked to analyze a binary, find suspicious behavior, detect crypto/network activity, review decompiled code against source, or run multi-table queries.
Guides OT/ICS and SCADA cyber security—Purdue zones, IEC 62443 and NIST SP 800-82 (practitioner), OT asset inventory (PLCs, RTUs, HMIs, historians), secure remote access, OT patch/vuln management, ICS protocol monitoring (Modbus, DNP3, OPC, BACnet high level), safety-first IR, OT threat classes (TRITON, Industroyer), hardening roadmaps, IT/OT convergence. Use for OT program scope, ICS segmentation, OT vuln/patch, detection/IR playbooks, vendor remote access, IEC 62443 or NIST 800-82 gaps—not IT network pentest (network-pentester), web apps (web-pentester), HIL bench only (hardware-in-the-loop-security-tester), GRC only (compliance-specialist), SOC triage (soc-analyst), or IT IR without OT safety (incident-responder). Safety over aggressive testing; no unsafe live-plant steps.
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
This skill should be used when the user asks to draft or structure STR reports, suspicious transaction reports, SAR, suspicious activity reports, draft STR, STR narrative, file suspicious activity, AML STR, goAML, FinCEN SAR, suspicion narrative, or MLRO report. Guides jurisdiction-agnostic STR/SAR drafting—narrative structure (who, what, when, where, why suspicious), red flags and typologies, transaction aggregation and chronology, subject identification fields, supporting documentation checklists, quality review before filing, and escalation to MLRO/compliance—not TM rule building (aml-compliance), full LE case management, legal filing duty determination (commercial-counsel), or deep blockchain tracing (blockint skills). Complements aml-compliance, aml-cft, auditor, compliance-engineer, and commercial-counsel.