AI Agent Skill HUB

tizen-security-compliance

Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.

16 stars
byplurigrid
View on GitHubInstallation ↓

Best use case

tizen-security-compliance is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.

Teams using tizen-security-compliance should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/tizen-security-compliance/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/tizen-security-compliance/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/tizen-security-compliance/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How tizen-security-compliance Compares

Feature / Agenttizen-security-complianceStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Tizen Security Compliance Skill

**Trit**: 0 (ERGODIC)
**Category**: tizen-infrastructure
**Author**: Tizen Community
**Source**: tizen/security
**License**: Apache-2.0

## Description

Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.

## When to Use

This is a Tizen security/IoT skill. Use when:
- Developing Tizen applications (web, native, .NET)
- Auditing Tizen app security
- Provisioning TizenRT/ARTIK IoT devices
- Implementing Tizen compliance
- Analyzing SMACK policies or Cynara access control

## Tizen Security Model

### SMACK (Simplified Mandatory Access Control Kernel)
- Linux kernel 3.12+ mandatory access control
- Process isolation via labels
- Prevent inter-app resource access

### Cynara
- Fast privilege access control service
- Policy-based permission checking
- External agent integration

### KeyManager
- Central secure storage repository
- Password-protected data access
- Certificate and key management

### Tizen Manifest
- Privilege declarations (public, partner, platform)
- App sandboxing configuration
- Resource access specifications

## Related Skills

- manifest-privilege-validator
- smack-policy-auditor
- tizen-cve-scanner
- sandbox-escape-detector
- cynara-policy-checker
- iot-device-provisioning

## References

- Tizen Official Docs: https://docs.tizen.org/
- Samsung Security Manager: https://github.com/Samsung/security-manager
- Samsung Cynara: https://github.com/Samsung/cynara
- TizenRT: https://github.com/Samsung/TizenRT

Related Skills

triaging-security-incident

16
from plurigrid/asi

Performs initial triage of security incidents to determine severity, scope, and required response actions using the NIST SP 800-61r3 and SANS PICERL frameworks. Classifies incidents by type, assigns priority based on business impact, and routes to appropriate response teams. Activates for requests involving incident triage, security alert classification, severity assessment, incident prioritization, or initial incident analysis.

triaging-security-incident-with-ir-playbook

16
from plurigrid/asi

Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response teams, and initiate appropriate response procedures.

triaging-security-alerts-in-splunk

16
from plurigrid/asi

Triages security alerts in Splunk Enterprise Security by classifying severity, investigating notable events, correlating related telemetry, and making escalation or closure decisions using SPL queries and the Incident Review dashboard. Use when SOC analysts face queued alerts from correlation searches, need to prioritize investigation order, or must document triage decisions for handoff to Tier 2/3 analysts.

tizen-cve-scanner

16
from plurigrid/asi

Scans for known Tizen CVEs in app dependencies and kernel. Checks OpenCVE database and Samsung security updates.

tizen-compliance-checker

16
from plurigrid/asi

Validates Tizen app compliance with TCT (Tizen Compliance Tests). Checks conformance to IoT, TV, or mobile profiles.

tizen-certification-coordinator

16
from plurigrid/asi

Orchestrates Tizen certification workflow. Coordinates TCT test execution, compliance verification, and certification documentation.

tizen-app-scaffold

16
from plurigrid/asi

Generates secure Tizen app projects (native/web/.NET) with privilege declarations, SMACK labels, and secure storage templates pre-configured.

testing-websocket-api-security

16
from plurigrid/asi

Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection attacks through WebSocket messages, insufficient input validation, denial-of-service via message flooding, and information leakage through WebSocket frames. The tester intercepts WebSocket handshakes and messages using Burp Suite, crafts malicious payloads, and tests for authorization bypass on WebSocket channels. Activates for requests involving WebSocket security testing, WS penetration testing, CSWSH attack, or real-time API security assessment.

testing-jwt-token-security

16
from plurigrid/asi

Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.

testing-api-security-with-owasp-top-10

16
from plurigrid/asi

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

static-security-analyzer

16
from plurigrid/asi

Wrapper around Tizen Studio static analyzer. Detects memory leaks, buffer overflows, and coding vulnerabilities in C/C++/JavaScript.

spec-to-code-compliance

16
from plurigrid/asi

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.