Skill4Agent
Skill4Agent
All SkillsSearchTools
|
Explore
Skill4Agent
Skill4Agent

AI Agent Skills Directory with categorization, English/Chinese translation, and script security checks.

Sitemap

  • Home
  • All Skills
  • Search
  • Tools

About

  • About Us
  • Disclaimer
  • Copyright

Help

  • FAQ
  • Privacy
  • Terms
Contact Us:osulivan147@qq.com

© 2026 Skill4Agent. All rights reserved.

All Skills

Total 50,506 skills, Security & Compliance has 1972 skills

Categories

Showing 12 of 1972 skills

Per page
Downloads
Sort
Security & Compliancetransilienceai/communityt...

server-side

Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.

🇺🇸|EnglishTranslated
8
1 scripts/Checked
Security & Compliancearadotso/security-skills

malware-awareness-bitdefender-crack-fraud

Recognizes and warns about fraudulent "cracked" security software repositories that distribute malware

🇺🇸|EnglishTranslated
8
Security & Complianceallthingsida/idasql-skill...

xrefs

Analyze IDA cross-references. Use when asked about callers, callees, imports, data refs, call graphs, or dependency chains.

🇺🇸|EnglishTranslated
8
Security & Compliancehexrayssa/ida-claude-code...

ida-plugin-development

Develop plugins for IDA Pro in Python, using idiomatic patterns, lessons, and tricks, including the Python Domain API (ida-domain). Use when creating both GUI (Qt) and background plugins for inspecting and rendering things program structure, functions, disassembly, cross-references, and strings.

🇺🇸|EnglishTranslated
8
1 scripts/Checked
Security & Complianceallthingsida/idasql-skill...

connect

Connect to IDA databases and bootstrap sessions. Use when starting analysis, routing to other skills, or setting up CLI/HTTP/MCP connections.

🇺🇸|EnglishTranslated
8
Security & Compliancedaemon-blockint-tech/agen...

technical-program-manager-security-cvd

Guides technical program management for security coordinated vulnerability disclosure (CVD)— disclosure policy, intake and triage SLAs, researcher coordination, fix/remediation tracking, embargo and publication timelines, CVE/advisory coordination, bug bounty program operations, and cross-functional gates (security engineering, legal, comms, product). Use when running a CVD or responsible disclosure program, disclosure calendar, bounty ops, or unblocking multi-team remediation for reported vulnerabilities—not for hands-on pentest (offensive-security-analyst), SOC triage (defensive-security-analyst), vuln scanning in CI (devsecops), enterprise security strategy (cybersecurity), generic non-security programs (technical-program-manager), or contract redlines (commercial-counsel).

🇺🇸|EnglishTranslated
8
Security & Compliancedaemon-blockint-tech/agen...

digital-forensics-analyst

Guides digital forensics for security incidents—evidence acquisition and chain of custody, disk/memory/mobile/cloud artifact analysis, log and network forensics, timeline correlation, malware artifact triage, and investigation reports for legal/IR and expert-witness preparation outlines (not legal advice). Use when preserving and analyzing forensic artifacts, building super-timelines, documenting acquisition worksheets, triaging malware samples, or preparing forensic findings for counsel—not live incident command (incident-responder), SOC alert queue triage (soc-analyst), authorized penetration testing (penetration-tester), deep binary RE (reverse-engineer), LLM red team (ai-redteam), enterprise ISMS programs (information-security-engineer), audit control mapping (compliance-engineer), or cloud guardrail implementation (cloud-security-engineer).

🇺🇸|EnglishTranslated
8
Security & Compliancedaemon-blockint-tech/agen...

security-risk-analyst

Guides information security risk analysis—risk identification and scoring, risk registers, threat/vulnerability/control mapping, treatment recommendations (accept/mitigate/transfer/avoid), third-party and supply-chain risk framing, business impact analysis, KRIs, and risk committee or board narratives. Aligns with ISO 27005 and NIST RMF concepts without full compliance audits. Use for security risk assessment, risk register maintenance, inherent/residual risk scoring, FAIR-style quantitative framing, treatment decisions, third-party risk tiers, or executive risk reporting—not SOC alert triage (soc-analyst), pentest execution (penetration-tester, web-pentester, network-pentester), control implementation (information-security-engineer, cloud-security-engineer), GRC program and audit prep (compliance-specialist), audit evidence automation (compliance-engineer, cloud-compliance-specialist), AI model risk programs (ai-risk-governance), or adversary simulation (red-team-specialist).

🇺🇸|EnglishTranslated
8
Security & Compliancedaemon-blockint-tech/agen...

iam-specialist

Guides identity and access management—workforce and machine identity lifecycle, RBAC/ABAC/PBAC entitlement design, access reviews and recertification, SSO/SAML/OIDC federation, privileged access (PAM/JIT), cloud IAM least privilege (AWS/GCP/Azure concepts), service accounts and secrets hygiene, and separation of duties. Use for IAM, identity governance, access review, RBAC, least privilege, SSO federation, PAM, privileged access, cloud IAM policy, service account, or SoD—not full cloud landing zone architecture (enterprise-cloud-architect), broad cloud security controls (cloud-security-engineer), day-2 break-glass ticket execution only (cloud-system-administrator), pentest (penetration-tester), or legal/HR policy drafting only.

🇺🇸|EnglishTranslated
8
Security & Compliancedaemon-blockint-tech/agen...

markup-detection

This skill should be used when the user asks for markup detection, detect manipulation, image tampering, deepfake detection, document integrity, hidden markup, metadata forensics, EXIF analysis, content authenticity, synthetic media, altered image, C2PA, or provenance verification across documents, images, and video. Guides workflow-level assessment of visual tampering indicators (splicing, cloning, inconsistent lighting or shadows, compression artifacts), metadata and provenance checks (EXIF, hashes, source chain), document revision and hidden markup (tracked changes, comments, invisible text), synthetic-media and deepfake red flags, watermarking and content-credentials concepts, and structured reporting with confidence levels and explicit limitations—not training detection models (ml-research-engineer-safeguards), cryptographic watermark design (cryptographer-specialist), full digital forensics lab attribution or legal conclusions, or blockchain-only tracing unless the user scopes on-chain context.

🇺🇸|EnglishTranslated
8
Security & Compliancemukul975/anthropic-cybers...

analyzing-threat-intelligence-feeds

Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics, and campaign context. Use when ingesting commercial or open-source CTI feeds, evaluating feed quality, normalizing data into STIX 2.1 format, or enriching existing IOCs with campaign attribution. Activates for requests involving ThreatConnect, Recorded Future, Mandiant Advantage, MISP, AlienVault OTX, or automated feed aggregation pipelines.

🇺🇸|EnglishTranslated
8
1 scripts/Checked
Security & Compliancebagelhole/devops-security...

incident-response

Handle security incidents with IR playbooks and procedures. Implement detection, containment, eradication, and recovery processes. Use when responding to security events or building incident response capabilities.

🇺🇸|EnglishTranslated
8
1 scripts/Attention
1...8889909192...165
Page