Total 43,892 skills; Security & Compliance has 1637 skills
Showing 12 of 1637 skills
Use this skill to remediate security findings by producing minimal, surgical code patches. Triggers on 'patch security findings', 'fix vulnerabilities', 'remediate findings', 'threat patch', or when the user provides a findings.json (from threat-model), a Codex security findings CSV, a THREAT-MODEL.md, or individual vulnerability descriptions and wants them fixed. Also trigger when reviewing code flagged by a security scanner and the user wants actionable fixes rather than just reports.
Use this skill whenever performing security threat modeling, attack surface mapping, or trust boundary analysis on a codebase. Triggers on 'threat model', 'security review', 'attack surface', 'trust boundaries', or when assessing a project's security posture. Also trigger when the user is about to build security-sensitive features (auth, crypto, file I/O, network services, native bridges) and needs to understand the threat landscape first — even if they don't explicitly say "threat model." Also triggers on 'what changed' or 'diff analysis' for incremental security review of recent commits.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.
Step-by-step wallet investigation workflow using Range AI MCP tools (risk score, sanctions, connections, transfers, funded-by, entities, cross-chain pivots) plus a one-shot prompt template. Use when the user runs investigations inside an MCP-connected client with Range enabled, or needs a structured checklist alongside crypto-investigation-compliance—not as legal advice or a substitute for Range’s live docs and API scopes.
Investigates hypotheses that MEV activity (bundles, searchers, same-block ordering) temporally overlaps or co-occurs with launch-phase rug signals—using public txs, bundle IDs, and clustering with explicit confidence. Use when the user asks about MEV plus rug coordination, launch sniper bundles, Jito or Flashbots overlap with dev exits, or joint profit-flow case studies—not for alleging collusion without evidence, harassing addresses, or live interference.
Operates as an on-chain forensics investigator using only public chain data and OSINT—tracing flows across chains, clustering addresses, reviewing contracts for risk patterns, detecting scam vectors, and producing evidence-backed reports. Use when the user asks for blockchain investigation, forensic tracing, scam or rug analysis from public data, transaction trail documentation, or structured intelligence reports without private keys or insider access.
Investigates completed flash-loan and atomic DeFi incidents across EVM and Solana from public txs—borrow-execute-repay fingerprints, oracle/pool/governance vectors, full trace reconstruction, impact quantification, and mitigations. Use when the user asks for flash loan exploit analysis, atomic attack post-mortems, large-borrow suspicious tx triage, or evidence-structured case studies from explorer data and read-only simulation—not for designing new attacks on live protocols.
Mitigation patterns for privileged-access and governance-adjacent DeFi failures, anchored on the public Drift Protocol incident analysis in Chainalysis’s blog—social engineering, Solana durable nonces, oracle and collateral abuse, multisig governance, and operational monitoring. Use when hardening signer processes, reviewing admin surfaces, or teaching post-incident lessons—not for designing exploits or attributing actors without evidence.
Points to Michał Zalewski’s (lcamtuf) canonical American Fuzzy Lop (AFL) documentation at lcamtuf.coredump.cx/afl—coverage-guided fuzzing concepts, afl-fuzz usage, and historical technical notes for C/C++ targets. Use when the user cites AFL classic, lcamtuf’s AFL page, or needs the original upstream reference—not as a substitute for current AFL++ docs or authorized fuzzing policy.
Routes to Chainalysis public Sanctions Screening surfaces—the free Sanctions REST API (address checks against OFAC SDN crypto listings) and the EVM on-chain oracle—plus how they differ from paid Chainalysis customer data. Use when the user references Chainalysis sanctions tooling, public.chainalysis.com, or repo notes in Chainalysis.md—not for legal conclusions, full vendor ToU reproduction, or substituting official government sanctions lists.
Security auditor for Claude Code skills and agent definitions. Scans a skill or agent directory for prompt injection, data exfiltration, privilege escalation, memory poisoning, obfuscation, malicious persistence, and 12 other threat categories (18 total). Returns a graded verdict (OK / WARNING / CRITICAL) with detailed findings. Use this skill whenever you need to audit, review, or validate the safety of a skill, an agent definition, a system prompt, or any set of instruction files before installing or trusting them. Also use it when the user mentions security scanning, threat detection, prompt injection checking, or wants to verify that a skill is safe. Triggers on: /maton, "audit this skill", "is this skill safe", "check for injection", "scan for threats", "review this agent", "security check".
DORA (EU 2022/2554) digital operational resilience compliance automation for financial entities. Assesses readiness against all 5 DORA pillars, classifies ICT incidents, validates third-party risk management, and generates resilience testing plans. Use for DORA compliance assessments, ICT risk management, incident classification, third-party ICT oversight, and digital operational resilience testing.