4. Security & Compliance

Conducts security code reviews against OWASP guidelines for database queries, API endpoints, authentication, and encryption.

Executes security review workflow including security assessments and data privacy compliance checks via dedicated review and audit commands.

Automates security-focused code reviews analyzing vulnerabilities, quality metrics, performance, and best practices adherence.

Expert guidance on exploiting vulnerabilities such as SQL injection, RCE, and reverse shells for penetration testing and ethical hacking.

Autonomous coordinator for penetration testing that uses ReAct methodology to automate reconnaissance, exploitation, and privilege escalation until user and root flags are captured.

Provides methodologies for network reconnaissance, service enumeration, port scanning, and vulnerability identification with best practices for structured data collection.

Provides comprehensive knowledge on Linux privilege escalation techniques, including enumeration and exploitation of common security vectors to gain root access.

Automates security analysis for code, detecting and fixing vulnerabilities like SQL injection, XSS, and authentication flaws across multiple programming languages and frameworks.

Conducts security audits using OWASP Top 10 patterns, secret scanning, and language-specific vulnerability checks.

Performs pattern-based security scanning on code to detect vulnerabilities and enforce coding standards through custom rules.

Automates security vulnerability discovery in Rust projects using libFuzzer via cargo-fuzz for bug hunting.

Automates security code review for pull requests and diffs, classifying risks, assessing blast radius, and simulating attack scenarios.

Assesses codebase maturity using a 9-category framework covering security and compliance aspects including auditing, access controls, and complexity.

Guides implementation of Content Security Policy (CSP) and security headers, with secure API and external service fetching using HMAC authentication.

Installs a pre-commit hook to scan .specstory/history for secrets before commits, preventing accidental exposure of sensitive data.

Provides safe command execution guidelines for Windows PowerShell, emphasizing secure command chaining to prevent accidental system damage or security risks.

Verifies that 'agent:' field references an existing agent to ensure proper permission mode configuration.

Validates MCP wildcard pattern support within security-critical allowed-tools configuration.

Audits code for security vulnerabilities, performance, accessibility, and OWASP compliance.

Provides comprehensive security vulnerability checklists with severity ratings, point deductions, and detection commands for audits, code reviews, and OWASP compliance checks.

Provides session-based authentication using Lucia Auth library for secure server-side session management and cookie handling.

Validates PopKit security posture through automated vulnerability scanning, secret detection, and OWASP-aligned assessments.

Manages CodeQL suppressions, troubleshoots security vulnerabilities, and enforces security best practices in code.

Provides rapid fixes for compliance violations in design tokens and import structures, ensuring adherence to coding standards.