Total 43,945 skills, Security & Compliance has 1637 skills
Showing 12 of 1637 skills
Audits project dependencies for license compliance, maintenance health, security vulnerabilities, and bloat. Analyzes both direct and transitive dependency trees, detects abandoned packages, identifies license conflicts (copyleft, unknown), checks for known CVEs, and finds unused or duplicate dependencies. Triggers on: "audit dependencies", "dependency check", "license check", "dependency health", "abandoned packages", "bloat check", "unused dependencies", "security audit dependencies", "dependency review", "license compliance", "package audit", "supply chain", "dependency risk". Use this skill when reviewing project dependencies for risk.
Background legal and regulatory context for the shinkoku tax filing plugin. Contains the standard disclaimer about the scope of tax information provided, the relationship to the Tax Accountant Act (税理士法), and tool limitations. This skill is not user-invocable — Claude loads it automatically when generating tax-related responses that require a disclaimer.
Background context for the Electronic Bookkeeping Act (電子帳簿保存法) in the shinkoku tax filing plugin. Contains requirements for electronic bookkeeping, scanner storage, mandatory electronic transaction data storage, and shinkoku's compliance status. This skill is not user-invocable — Claude loads it automatically when responding to electronic bookkeeping compliance questions.
Test skill for security scanning
When the user faces brand impersonation, fake websites, phishing sites, or trademark infringement. Also use when the user mentions "fake site," "impersonation," "phishing site," "trademark infringement," "domain squatting," or "brand abuse."
Automation skill for designing, verifying, and improving auth, cost, logging, and security compliance based on the internal AI tool mandatory implementation guide (P0/P1). Supports the full lifecycle of RBAC design, Gateway principles, Firestore policy, behavior logs, cost transparency, and the criteria verification system.
Smart contract and secure API contract security analysis — invariant checking, access control, reentrancy, and integer overflow patterns. Implements Checks-Effects-Interactions pattern, formal invariant verification, and OpenSCV vulnerability taxonomy for Solidity/EVM and Rust/Solana contracts.
Process use when you need to track database changes for compliance and security monitoring. This skill implements audit logging using triggers, application-level logging, CDC, or native logs. Trigger with phrases like "implement database audit logging", "add audit trails", "track database changes", or "monitor database activity for compliance".
Cryptography expert for TLS, symmetric/asymmetric encryption, hashing, and key management
Use when testing a web application for security vulnerabilities, before deployment or during security review — guides through a structured 10-phase penetration testing methodology covering mapping, authentication, session management, access controls, injection, logic flaws, and server configuration.
Advise startup founders on choosing the best jurisdiction and legal entity for their business. Triggers when users ask about where to incorporate, which state/country to register a company, choosing between Delaware vs other states, offshore vs US incorporation, entity types (C-Corp, LLC, PBC), or jurisdiction selection for specific industries (crypto, AI, SaaS, GameDev, solopreneurs). Also triggers for questions about startup formation, company registration, or corporate structure decisions.
Java and Spring Boot security patterns. Covers Spring Security, dependency auditing, secure coding practices, and OWASP for Java ecosystem. USE WHEN: user works with "Java", "Spring Boot", "Spring Security", asks about "Java vulnerabilities", "Maven security", "Gradle security", "Java injection", "Java authentication" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Node.js/Python security - use language-specific skills