4. Security & Compliance

Securely stores and retrieves sensitive credentials (API keys, passwords, tokens) using AES-256-GCM encryption for confidential data handling.

Manages user permissions for the ekkOS tool, enabling viewing, granting, and revoking access to control automatic execution.

Provides PHP security best practices and patterns to prevent common vulnerabilities such as SQL injection and XSS.

Provides expert guidance for implementing secure web applications, covering OWASP Top 10, authentication, data protection, and API security to prevent common vulnerabilities.

Conducts pre-deployment security audits for web applications, covering authentication, input validation, secrets management, and compliance basics.

Provides production-ready secure authentication patterns for login, registration, and session management, avoiding common security pitfalls.

Provides security hardening patterns for REST APIs including rate limiting, input validation, CORS, and API key management with implementations for Express, FastAPI, and serverless.

Automates detection of security vulnerabilities such as hardcoded credentials, command injection, and shell injection in code.

Performs focused security reviews on code changes to identify vulnerabilities, insecure patterns, and ensure adherence to security best practices.

Provides RBAC and multi-tenant authorization patterns for laneweaverTMS, including Echo middleware and RLS policies.

Automates secure deletion or archiving of secrets in 1Password vaults via op CLI for credential lifecycle management.

Updates existing secrets in 1Password via op CLI, allowing modification of passwords, fields, item names, vaults, and tags for various item types.

Creates and stores secrets (passwords, API keys, credentials) in 1Password via CLI, supporting item types and vault selection for secure management.

Provides expert guidance for creating, modifying, and troubleshooting Supabase PostgreSQL row-level security (RLS) policies to enforce granular access control.

Provides security best practices for Slack app authentication, including OAuth flows, token management, and securing multi-workspace installations.

Provides iOS security implementation best practices covering authentication, encryption, Keychain, certificate pinning, and jailbreak detection.

Securely transmits clipboard contents (e.g., passwords) to a recipient without exposing data to the agent, using macOS's pbpaste and a secure CLI tool.

Routes user requests for secure secret sharing to specialized skills, ensuring encrypted and safe transmission of sensitive credentials.

Securely retrieves encrypted secrets and credentials from designated secure sharing links, such as trycloudflare.com/s/.

Securely shares sensitive files (e.g., API keys, SSH keys) via locally encrypted AES-256-GCM and one-time Cloudflare tunnel.

Provides secure authentication features including signup, signin, password hashing, JWT token management, and Better Auth integration.

Generates and updates Energize Denver compliance proposals for commercial/multifamily buildings, ensuring adherence to Article XIV through benchmarking, energy audits, and cost estimation.

Delivers compliance requirements, deadlines, penalties, and performance metrics for Denver's Article XIV building regulations across commercial and multifamily properties.

Performs security scans including dependency audits, secret detection, and static analysis to identify vulnerabilities and enforce security policies.