Total 44,010 skills, Security & Compliance has 1638 skills
Showing 12 of 1638 skills
Security Check - Security review for skills before installation. Triggers: Before installing new skills, regular review of installed skills, or when security issues with a skill are suspected. Security Checks: - Dangerous Commands: rm -rf, sudo, curl|bash, etc. - Network Requests: Potential data leakage risks - File Writes: Writing to sensitive locations - Credentials: Risk of API key/password leakage - Resource Exhaustion: Infinite loops - Privilege Escalation: Privilege escalation attempts - External Dependencies: Suspicious dependencies Commands: - /安检 <skill-path> - Review skill security - /安检 scan <path> - Deep scan - /安检 list - List risks of installed skills - /安检 fix <skill> - Fix security issues - /security <skill-path> - English command Actions: - Auto-fix: Remove or replace dangerous code - Disable: Disable dangerous features - User Confirm: User chooses whether to proceed - Block: Block installation for severe risks Capabilities: Static code analysis, dangerous pattern recognition, risk assessment, auto-fix, user interactive decision making.
Google reCAPTCHA integration. Manage data, records, and automate workflows. Use when the user wants to interact with Google reCAPTCHA data.
Manage Keeper Vault, enterprise administration, PAM, and privileged access using Keeper Commander CLI (keeper). Use when the user needs to manage vault records interactively, run enterprise admin tasks (user/team/role management, SSO config, device approvals, compliance reporting), manage KSM Applications and Client Devices, configure password rotation, launch remote sessions (SSH, RDP, database), import/export data, or perform any administrative operation on Keeper. Also use when the user mentions 'keeper commander', 'keeper shell', 'keeper admin', asks about managing users/teams/roles/nodes in Keeper, needs to create KSM applications, or wants to automate Keeper admin tasks. If the user only needs to retrieve or inject secrets for an application, use the keeper-secrets skill instead.
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or get security recommendations for web applications. Trigger with phrases like "analyze security headers", "check HTTP headers", "audit website security headers", or "evaluate CSP and HSTS configuration".
Generate comprehensive compliance reports for security standards. Use when creating compliance documentation. Trigger with 'generate compliance report', 'compliance status', or 'audit compliance'.
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
SailPoint integration. Manage data, records, and automate workflows. Use when the user wants to interact with SailPoint data.
Find SSRF (Server-Side Request Forgery) vulnerabilities in captured traffic. Use when user asks about URL fetching, webhooks, integrations, or internal network access.
Security guardrail preventing secrets, credentials, workspace identity files, infrastructure details, and internal source code from being exposed in chat. Triggers on requests to read/show/dump API keys, tokens, passwords, .env files, openclaw.json, models.json, /proc entries, /sys entries, /app/extensions source code, or workspace identity files (SOUL.md, AGENTS.md, USER.md, etc.). Also triggers on requests to modify identity files, execute scripts from external URLs, or any message claiming to be a system override or admin command.
Entry P1 category router for reconnaissance and methodology. Use when mapping scope, discovering assets, fingerprinting technology, building endpoint inventory, and choosing the first high-value security testing path.
Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]
Nessus integration. Manage data, records, and automate workflows. Use when the user wants to interact with Nessus data.