Total 50,503 skills, Security & Compliance has 1972 skills
Showing 12 of 1972 skills
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
Detect antibot vendors on one or more URLs without opening a browser session. Use when the user asks what antibot, bot protection, WAF, captcha, or challenge provider a site uses, or asks to check sites for Cloudflare, Akamai, DataDome, PerimeterX, Imperva/Incapsula, Kasada, reCAPTCHA, hCaptcha, Anubis, or Shape Security markers.
Map environmental/industrial chemicals to mechanistic adverse outcome pathways (AOPs) using AOPWiki, quantify toxicological hazard (PubChemTox GHS/carcinogen classification, LD50 values), and link chemical stressors to gene targets and disease endpoints via CTD for regulatory risk assessment. Use when asked about AOP stressor mapping, GHS hazard categories, LD50 data, IARC carcinogen classification, or mechanism-based risk assessment for non-drug chemicals.
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.
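Product image policy compliance detection based on Ruiguan, identifying potentially non-compliant products through visual similarity matching. Trigger this skill when the user mentions policy compliance checks, product image compliance, detecting violations, prohibited product screening, image-based compliance review, pre-listing risk screening, policy compliance detection, product compliance review, violation detection, image compliance check, product image risk screening, or Ruiguan. Even if the user does not explicitly say "compliance", this skill should also be triggered whenever their request involves comparing product images against a violation database.
Design patent infringement detection based on Ruiguan, supporting image-based patent search across 25+ countries/regions. Trigger this skill when the user mentions design patent checks, patent infringement checks, patent risk analysis, TRO case lookup, design patent search, design patent similarity, product patent screening, design patent detection, patent infringement, design patent, TRO cases, patent risk, patent search, or Ruiguan. Even if the user does not explicitly mention "design patent", this skill should also be triggered whenever their request involves checking whether a product image may infringe an existing design patent, or mentions keywords such as infringement, patent, TRO, or design patent.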
Security best practices for Azure DocumentDB — TLS enforcement, Private Endpoint / firewall configuration, Microsoft Entra ID + RBAC for authentication, and customer-managed keys (CMK) for encryption at rest. Use when reviewing production security posture, configuring networking, setting up authentication / authorization, or preparing for compliance audits.
/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
Use when handling any auth, API keys, tokens, OAuth, bearer tokens, basic auth, or secret values in n8n workflows. Triggers on "API key", "token", "bearer", "OAuth", "secret", "auth", "credentials", "Authorization header", "x-api-key", or any node configuration that mentions a third-party service.
Claude Code subagents for offensive security research, penetration testing planning, recon analysis, exploit research, detection engineering, and security reporting