Find the perfect skill
SSRF Detection and Exploitation
Security
Detects and exploits Server-Side Request Forgery (SSRF) vulnerabilities. Use when the target has URL parameters, remote file loading, webhooks, PDF generation, or URL preview features. It can probe internal networks, read local files via file protocol, attack internal services like Redis, and access cloud metadata endpoints (AWS, GCP, Azure, etc.).
Database Audit Logging Implementation
Security
Implements database audit logging using triggers, application-level logging, change data capture (CDC), or native logs to track data modifications for compliance and security. Automatically captures detailed audit trails (user, timestamp, old/new values) for regulated environments like GDPR, HIPAA, SOX, and PCI-DSS. Helps ensure accountability and simplifies compliance reporting without requiring application code changes.
Backend Application Security
Security
Secures backend applications by addressing OWASP Top 10 vulnerabilities, implementing authentication (JWT, OAuth2) and encryption (bcrypt, TLS), and configuring vulnerability scanning tools (SAST, DAST, SCA). Helps achieve compliance with frameworks like GDPR, HIPAA, PCI-DSS, and SOC2, and includes incident response procedures.
SSL/TLS Configuration Validator
Security
Validate and optimize SSL/TLS configurations for web servers, ensuring strong ciphers and proper certificate chains.
Dependency Audit and Security Analysis
Security
Scans project dependencies for known vulnerabilities, license conflicts, and outdated packages, prioritizing fixes by severity. Provides actionable remediation strategies and upgrade paths with compatibility notes. Best used for security audits, license compliance checks, or supply chain risk assessments.
Lokalise Data Handling
Security
Implement Lokalise translation data handling with PII detection, privacy management, and GDPR/CCPA compliance patterns using automated scanning and safe logging.
Access Control Manager
Security
Audits user access permissions across cloud services, SaaS applications, and internal systems to enforce least-privilege principles. Connects to identity providers like Okta, Auth0, and AWS IAM to identify over-privileged accounts, unused access rights, and stale users. Generates access review reports and prioritized remediation playbooks.
Full Threat Modeling Workflow
Security
Orchestrates the complete threat modeling workflow from initialization through reporting, including asset discovery, threat analysis, control verification, compliance mapping, and documentation generation. Use when performing a full security assessment or generating comprehensive threat documentation.
Global Validation
Security
Implement comprehensive input validation on both client and server sides with clear error feedback. Use this skill when validating user input in forms, API endpoints, or data processing to ensure data integrity, security, and consistent error messaging across all application entry points.
Technical Writing for Security Audit Reports
Security
Writes formal security audit report content: generates detailed issue write-ups (context, impact, recommendation) and system overview / security model sections. Helps security auditors produce polished, consistent reports.
PHI Compliance Checker
Security
Scans code and data for Protected Health Information (PHI) to ensure HIPAA compliance. Use when reviewing code that handles patient data, healthcare records, or medical information. Checks for 18 HIPAA identifiers, logs, encryption, access controls, and flags PHI in comments, test data, or configuration files.
Content Security Policy Generator
Security
Generate and test Content Security Policy headers to prevent XSS and data injection attacks.