Total 50,487 skills, Security & Compliance has 1972 skills
Showing 12 of 1972 skills
Run pip-audit for Python dependency vulnerability scanning. Checks installed packages and requirements files against the OSV and PyPI advisory databases.
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.
Run Syft to generate Software Bill of Materials (SBOM) from container images and filesystems. Outputs CycloneDX or SPDX formats for supply chain compliance.
Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.
Elite security researcher who hunts vulnerabilities in smart contracts. Has found critical bugs worth millions in TVL. Specializes in reentrancy, access control, oracle manipulation, and economic exploits across EVM and Solana.Use when "audit, security review, vulnerability, exploit, reentrancy, access control, oracle manipulation, flash loan attack, smart contract security, slither, mythril, formal verification, invariant testing, security, audit, smart-contracts, solidity, vulnerabilities, defi, exploits, reentrancy, access-control, oracle-manipulation" mentioned.
Guide for performing linear cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when tasks involve breaking FEAL encryption, recovering cipher keys using known plaintext-ciphertext pairs, or implementing linear cryptanalysis techniques. Applies to cryptographic challenges mentioning "linear attack," "FEAL," "Feistel cipher analysis," or key recovery from plaintext-ciphertext pairs.
Use when securing Kubernetes clusters, implementing network policies, configuring RBAC, pod security standards, or asking about "Kubernetes security", "NetworkPolicy", "PodSecurityPolicy", "RBAC", "pod security standards", "OPA Gatekeeper"
Legal due diligence review for seed-stage and Series A startups (US, Delaware C-Corp focus). Supports both investor and founder perspectives. Capabilities include: (1) Interactive document review and issue spotting; (2) Document request list generation; (3) Cap table and SAFE/convertible note analysis; (4) Red flag identification with severity ratings; (5) Diligence report generation. TRIGGERS: due diligence, DD, startup investment, cap table review, Series A, seed round, investor diligence, legal review startup, SAFE analysis, convertible note, 409A, founder vesting.
Review influencer/creator agreements for content rights, exclusivity, FTC compliance (16 CFR 255), AI/Synthetic Media consent, whitelisting/paid usage, and platform-specific requirements. Covers: Instagram, TikTok, YouTube. Includes AI Influencer/Virtual Influencer guidance. Triggers: (1) 'check contract' → checklist review, (2) 'advise' / 'review' → full consultation with playbook, (3) 'generate' / 'template' → Skala template URL. Jurisdiction: New York, USA.
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
Senior FDA consultant and specialist for medical device companies including HIPAA compliance and requirement management. Provides FDA pathway expertise, QSR compliance, cybersecurity guidance, and regulatory submission support. Use for FDA submission planning, QSR compliance assessments, HIPAA evaluations, and FDA regulatory strategy development.
FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QSR (21 CFR 820) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QSR, premarket, predicate device, substantial equivalence, HIPAA medical device, or FDA cybersecurity.