Skip to content

Security & Compliance Skills

838 curated security and compliance skills for AI coding agents. Access control, vulnerability scanning, compliance audit - all license-verified.

Suspicious Email Analyzer

Analyze emails for phishing, scam indicators, and security threats

#work-life#office#productivitySecurity & Compliance

Termination Review

Termination review — high-risk flag detection, severance + release, and final pay timing by jurisdiction. Jurisdiction-specific rules and release consideration periods are researched per review, not stored. Use when the user says "reviewing a termination", "can we fire this person", "term review", or describes a termination scenario.

#legal#contracts#ndaSecurity & Compliance

Testing Android Intents For Vulnerabilities

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API Authentication Weaknesses

Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API For Broken Object Level Authorization

Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API For Mass Assignment Vulnerability

Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they should not have access to by including additional parameters in API requests. The tester identifies writable endpoints, adds undocumented fields to request bodies (role, isAdmin, price, balance), and checks if the server binds these to the data model without filtering. Part of OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving mass assignment testing, parameter binding abuse, auto-binding vulnerability, or API over-posting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API Security With Owasp Top 10

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Cors Misconfiguration

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Broken Access Control

Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Business Logic Vulnerabilities

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Email Header Injection

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Host Header Injection

Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For JSON Web Token Vulnerabilities

Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Open Redirect Vulnerabilities

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Sensitive Data Exposure

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For XML Injection Vulnerabilities

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xss Vulnerabilities

Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation. The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection testing, or JavaScript injection vulnerability testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xss Vulnerabilities With Burpsuite

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xxe Injection Vulnerabilities

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing JWT Token Security

Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Mobile API Authentication

Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Oauth2 Implementation Flaws

Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Ransomware Recovery Procedures

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification, recovery sequencing, and clean restore validation to ensure organizational resilience against destructive ransomware attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Websocket API Security

Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection attacks through WebSocket messages, insufficient input validation, denial-of-service via message flooding, and information leakage through WebSocket frames. The tester intercepts WebSocket handshakes and messages using Burp Suite, crafts malicious payloads, and tests for authorization bypass on WebSocket channels. Activates for requests involving WebSocket security testing, WS penetration testing, CSWSH attack, or real-time API security assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Threat Mitigation Mapping

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

#broad-capability#engineering#agent-skillsSecurity & Compliance

Threat Model Analyst

Full STRIDE-A threat model analysis and incremental update skill for repositories and systems. Supports two modes: (1) Single analysis — full STRIDE-A threat model of a repository, producing architecture overviews, DFD diagrams, STRIDE-A analysis, prioritized findings, and executive assessments. (2) Incremental analysis — takes a previous threat model report as baseline, compares the codebase at the latest (or a given commit), and produces an updated report with change tracking (new, resolved, still-present threats), STRIDE heatmap, findings diff, and an embedded HTML comparison. Only activate when the user explicitly requests a threat model analysis, incremental update, or invokes /threat-model-analyst directly.

#github-copilot#application#securitySecurity & Compliance

Tracking Threat Actor Infrastructure

Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Triaging Security Alerts In Splunk

Triages security alerts in Splunk Enterprise Security by classifying severity, investigating notable events, correlating related telemetry, and making escalation or closure decisions using SPL queries and the Incident Review dashboard. Use when SOC analysts face queued alerts from correlation searches, need to prioritize investigation order, or must document triage decisions for handoff to Tier 2/3 analysts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Triaging Security Incident

Performs initial triage of security incidents to determine severity, scope, and required response actions using the NIST SP 800-61r3 and SANS PICERL frameworks. Classifies incidents by type, assigns priority based on business impact, and routes to appropriate response teams. Activates for requests involving incident triage, security alert classification, severity assessment, incident prioritization, or initial incident analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Triaging Security Incident With Ir Playbook

Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response teams, and initiate appropriate response procedures.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Triaging Vulnerabilities With Ssvc Framework

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation priorities.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Validating Backup Integrity For Recovery

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection, and recoverability checks to ensure backups are reliable for disaster recovery and ransomware response scenarios.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Venice Auth

Authenticate to the Venice API with a Bearer API key or with an x402 / SIWE wallet. Covers header formats, the SIWE message fields, TTL and nonce rules, the venice-x402-client SDK, and how to choose between the two modes.

#broad-capability#image-generation#video-generationSecurity & Compliance

VibeSec-Skill

This skill helps Claude write secure web applications. Use this when working on any web application or when a user requests a scan or audit to ensure security best practices are followed.

#behisecc-vibesec#security#applicationSecurity & Compliance

Wcag Aaa

WCAG AAA conformance specialist. Audits web content against WCAG 2.2 Level AAA success criteria that go beyond the standard AA target. Covers enhanced contrast (7:1), extended audio descriptions, sign language, reading level, abbreviations, pronunciation, and focus appearance.

#broad-capability#accessibility#a11ySecurity & Compliance

Web Accessibility Wizard

Interactive web accessibility review wizard. Runs a guided, step-by-step WCAG audit of your web application. Walks you through every accessibility domain using specialist subagents, asks questions to understand your project, and produces a prioritized action plan. Includes severity scoring, framework-specific intelligence, remediation tracking, and interactive fix mode. For document accessibility (Word, Excel, PowerPoint, PDF), use the document-accessibility-wizard instead.

#broad-capability#accessibility#a11ySecurity & Compliance

Web Component Specialist

Audits web components (custom elements, Shadow DOM) for accessibility. Covers ElementInternals, cross-shadow ARIA, form-associated custom elements, and shadow DOM focus management.

#broad-capability#accessibility#a11ySecurity & Compliance

Web CSV Reporter

Internal helper agent. Invoked by orchestrator agents via Task tool. Internal helper for exporting web accessibility audit findings to CSV format. Generates structured CSV reports with severity scoring, WCAG criteria mapping, Accessibility Insights help links, and actionable remediation guidance for each finding.

#broad-capability#accessibility#a11ySecurity & Compliance