Security, Testing & Compliance
40 skills across 4 categories.
Application security (7)
- django-security: Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secu [risk: high, Free]
- laravel-security: Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secu [risk: high, Free]
- llm-trading-agent-security: Security patterns for autonomous trading agents with wallet or transaction authority. Covers prompt injection, spend limits, pre-s [risk: medium, Free]
- perl-security: Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security [risk: high, Free]
- security-auditor: Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. [risk: high, Free]
- security-review: Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing paym [risk: high, Free]
- top-web-vulnerabilities: This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "unde [risk: high, Free]
Compliance (14)
- advogado-criminal: Senior Brazilian criminal-defense lawyer specialized in Maria da Penha (domestic-violence law), domestic violence, femicide, Brazi [risk: low, Free]
- advogado-especialista: Elite Brazilian generalist lawyer covering all areas of Brazilian law: family, criminal, labor, tax, consumer, real-estate, busine [risk: low, Free]
- contract-review: You are a contract review assistant for an in-house legal team. You analyze contracts against the organization's negotiation playb [risk: low, Free]
- data-privacy-compliance: Data privacy and regulatory compliance specialist for GDPR, CCPA, HIPAA, and international data protection laws. Use when implemen [risk: medium, Free]
- fda-consultant-specialist: Senior FDA consultant and specialist for medical device companies including HIPAA compliance and requirement management. Provides [risk: medium, Free]
- fda-medtech-compliance-auditor: Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and softwar [risk: medium, Free]
- healthcare-phi-compliance: Protected Health Information (PHI) and Personally Identifiable Information (PII) compliance patterns for healthcare applications. [risk: medium, Free]
- hipaa-compliance: HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handlin [risk: medium, Free]
- iso-13485-certification: Comprehensive toolkit for preparing ISO 13485 certification documentation for medical device Quality Management Systems. Use when [risk: medium, Free]
- legal-advisor: Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GDPR-compliant texts, cookie policies, and data [risk: low, Free]
- leiloeiro-juridico: Legal analysis of auctions: nullities, family home (bem de familia), fiduciary alienation, CPC arts 829-903, Lei 9514/97, real encumbrances, embargos [risk: low, Free]
- pci-compliance: Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment [risk: high, Free]
- pci-compliance: Master PCI DSS (Payment Card Industry Data Security Standard) compliance for secure payment processing and handling of cardholder [risk: high, Free]
- quality-nonconformance: Codified expertise for quality control, non-conformance investigation, root cause analysis, corrective action, and supplier qualit [risk: low, Free]
Offensive / pentest (7)
- active-directory-attacks: Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesti [risk: high, Free]
- analyzing-slack-space-and-file-system-artifacts: Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file [risk: high, Free]
- Attack Tree Construction: Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or commun [risk: high, Free]
- binary-analysis-patterns: Comprehensive patterns and techniques for analyzing compiled binaries, understanding assembly code, and reconstructing program log [risk: low, Free]
- html-injection-testing: This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection a [risk: high, Free]
- libafl: LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard [risk: low, Free]
- sherlock: OSINT username search across 400+ social networks. Hunt down social media accounts by username. [risk: low, Free]
Testing (12)
- component-fixtures: Use when creating or updating component fixtures for screenshot testing, or when designing UI components to be fixture-friendly. C [risk: low, Free]
- conductor-validator: Validates Conductor project artifacts for completeness, consistency, and correctness. Use after setup, when diagnosing issues, or [risk: low, Free]
- create-test-datasets: Create test datasets (hits, visits, tpcds, tpch) from standard scripts. Ensures the server is running first. [risk: low, Free]
- django-verification: Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks b [risk: medium, Free]
- integration-tests: Use when running integration tests in the VS Code repo. Covers scripts/test-integration.sh (macOS/Linux) and scripts/test-integrat [risk: low, Free]
- remote-tests: How to run tests using remote executor. [risk: low, Free]
- skip-test-with-issue: Skip a flaky or broken test with proper issue tracking. Use when asked to skip a test, disable a test, or mark a test as flaky. [risk: low, Free]
- smoke-test: End-to-end smoke test skill for DeerFlow. Guides through: 1) Pulling latest code, 2) Docker OR Local installation and deployment ( [risk: medium, Free]
- test: Use when you need to run tests for React core. Supports source, www, stable, and experimental channels. [risk: low, Free]
- unit-tests: Use when running unit tests in the VS Code repo. Covers the runTests tool, scripts/test.sh (macOS/Linux) and scripts/test.bat (Win [risk: low, Free]
- verify: Use when you want to validate changes before committing, or when you need to check all React contribution requirements. [risk: low, Free]
- write-frontend-tests: Analyze the current branch diff against dev, plan integration tests for changed frontend pages/components, and write them. TRIGGER [risk: low, Free]