Total 44,010 skills, Security & Compliance has 1638 skills
Showing 12 of 1638 skills
Audit and harden authentication code for security best practices. Use when the user wants to check their auth implementation for vulnerabilities, harden session handling, fix credential storage, or apply OWASP-recommended security patterns.
Open Source Intelligence gathering and attack surface management for external reconnaissance.
Produce a report-only HIPAA, PHI, and PII audit for healthcare codebases and delivery systems. Inspects code, configs, data flows, integrations, logging, and deployment boundaries for privacy and security gaps without modifying code.
Safety guardrails that warn before destructive commands. Use to protect beginners from accidentally running dangerous operations like rm -rf, DROP TABLE, git push --force, or git reset --hard. Provides beginner-friendly explanations of WHY a command is dangerous and suggests safer alternatives. Activate when the user mentions safety, careful mode, guardrails, protection, or when working with beginners on tasks involving file deletion, database changes, or git operations.
Triage GitHub security advisories for OpenClaw with high-confidence close/keep decisions, exact tag and commit verification, trust-model checks, optional hardening notes, and a final reply ready to post and copy to clipboard.
Apply GDPR-compliant engineering practices across your codebase. Use this skill whenever you are designing APIs, writing data models, building authentication flows, implementing logging, handling user data, writing retention/deletion jobs, designing cloud infrastructure, or reviewing pull requests for privacy compliance. Trigger this skill for any task involving personal data, user accounts, cookies, analytics, emails, audit logs, encryption, pseudonymization, anonymization, data exports, breach response, CI/CD pipelines that process real data, or any question framed as "is this GDPR-compliant?". Inspired by CNIL developer guidance and GDPR Articles 5, 25, 32, 33, 35.
Use when designing, planning, implementing, or reviewing any non-trivial change — enforces defense in depth, input validation, secure defaults, and OWASP best practices to prevent vulnerabilities before they ship
Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.
Compares Trailmark code graphs at two source code snapshots (git commits, tags, or directories) to surface security-relevant structural changes. Detects new attack paths, complexity shifts, blast radius growth, taint propagation changes, and privilege boundary modifications that text diffs miss. Use when comparing code between commits or tags, analyzing structural evolution, detecting attack surface growth, reviewing what changed between audit snapshots, or finding security-relevant changes that text diffs miss.
Use when managing Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK, including the user needs key lifecycle/resource operations, policy/configuration changes, status inspection, or troubleshooting KMS API workflows.
PHP Web source code CRLF/response splitting audit tool. Identifies user input that enters HTTP response headers, analyzes filtering and encoding of newlines/control characters, and outputs severity ratings, PoCs and fix suggestions (omission is prohibited).
Chef InSpec integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chef InSpec data.