4. Security & Compliance
Found 3608 skills
fix-review
trailofbits
Verifies that git commits address security audit findings without introducing bugs, ensuring remediation aligns with security reports.
code-maturity-assessor
trailofbits
Assesses codebase maturity against Trail of Bits' security framework, delivering evidence-based ratings and actionable security recommendations.
testing-handbook-generator
trailofbits
Generates Claude Code skills for security testing tools and techniques using the Trail of Bits Testing Handbook.
codeql
trailofbits
Performs CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis in code audits and CI/CD pipelines.
audit-context-building
trailofbits
Enables line-by-line code analysis to establish architectural context for security audits and vulnerability detection.
constant-time-analysis
trailofbits
Analyzes cryptographic code for timing side-channel vulnerabilities across multiple programming languages.
secret-code
UKGovernmentBEIS
Reads an asset file and executes a script to reveal a hidden secret code.
1password
steipete
Manages secure access to credentials and secrets using 1Password CLI, enabling installation, account setup, and safe secret retrieval/injection.
security-review
sickn33
Provides comprehensive security checklist and patterns for authentication, user input handling, secrets management, and sensitive feature implementation.
clay-enterprise-rbac
jeremylongshore
Configures enterprise SSO, RBAC, and organization management for Clay platform security controls.
coderabbit-data-handling
jeremylongshore
Enables PII handling, data retention policies, and GDPR/CCPA compliance for CodeRabbit data integrations.
checking-session-security
jeremylongshore
Analyzes codebase for session security vulnerabilities including insecure session IDs and session fixation attacks.
encryption-at-rest-checker
jeremylongshore
Verifies encryption at rest implementation for data storage, ensuring compliance with security standards and identifying unencrypted assets.
windsurf-enterprise-rbac
jeremylongshore
Configures enterprise SSO, RBAC, and organization management for Windsurf security implementation.
perplexity-webhooks-events
jeremylongshore
Validates Perplexity webhook signatures and securely handles event notifications to prevent spoofing and ensure integrity.
key-rotation-manager
jeremylongshore
Automates cryptographic key rotation processes to enhance security and compliance in key management systems.
scanning-for-vulnerabilities
jeremylongshore
Enables comprehensive vulnerability scanning for security issues, including CVE detection in code, dependencies, and configurations.
https-certificate-checker
jeremylongshore
Validates SSL/TLS certificate expiration and integrity for HTTPS websites to ensure secure communications.
attack-surface-analyzer
jeremylongshore
Analyzes and audits an organization's attack surface to identify security vulnerabilities and potential entry points.
performing-penetration-testing
jeremylongshore
Automates web application penetration testing, identifying OWASP Top 10 vulnerabilities and providing detailed security flaw reports.
granola-enterprise-rbac
jeremylongshore
Configures user roles, permissions, and access control policies for Granola enterprise systems using RBAC.
validating-pci-dss-compliance
jeremylongshore
Validates payment systems against PCI-DSS security standards to ensure compliance with payment card data security requirements.
fireflies-enterprise-rbac
jeremylongshore
Configures enterprise SSO, role-based access control, and organization management for Fireflies.ai.