4. Security & Compliance

Performs security audits on Stripe integrations, checking configuration, webhooks, and subscription logic to identify vulnerabilities and generate structured findings.

Performs security audits for Bitcoin payment integrations, verifying node connectivity, wallet status, UTXO management, and network configuration.

Provides a comprehensive security checklist for authentication, user input handling, secrets management, and API endpoints.

Automates the systematic introduction of new user roles (e.g., Auditor, Supervisor) into the ATLAS ecosystem, ensuring secure access control and compliance adherence.

Conducts comprehensive security audits of GitHub repositories and package dependencies using Semgrep and multi-layered defense frameworks to assess code integrity and supply chain risks.

Manages Google Workspace API authentication via OAuth, including credential setup and troubleshooting for secure API integration.

Manages secure secrets for Platxa services using Fernet encryption, Kubernetes Secret objects, and secure token patterns with key rotation and constant-time verification.

Generates secure RS256 JWT tokens with JWKS endpoint and key rotation for Platxa services.

Guides configuration of Tailscale Access Control Lists (ACLs) for secure network access and SSH rule management through the Admin Console.

Provides secure implementation of API authentication and authorization patterns, including OAuth and JWT.

Verifies smart contract source code against deployed contracts on Celo blockchain, ensuring security and transparency for block explorers.

Provides a comprehensive security guide for Capacitor mobile apps using Capsec scanner, covering 63+ security rules for secrets, storage, network, authentication, and cryptography.

Scans custom Claude Code skills for malicious code, triggered by security-related user queries.

Expert guidance for implementing iOS authentication features including Sign in with Apple, Face ID, and Keychain integration.

Evaluates security verifier models on network-logs (E1) and config-verification (E2) tasks, generating performance metrics and comparative reports.

Scans dependencies in package manifests, lock files, SBOMs, and container images for known vulnerabilities using Google OSV-Scanner.

Performs security-focused static code analysis using Semgrep for vulnerability detection, custom rule creation, and CI/CD integration.

Performs attack surface analysis and API endpoint discovery using OWASP Noir to identify shadow APIs, hidden routes, and security vulnerabilities across multiple frameworks.

Scans project dependencies for vulnerabilities, generates VEX documents, and ensures license compliance using OWASP Depscan for SCA.

Generates security-focused codebase documentation in Markdown for security assessments, threat modeling, and code review.

Audits skill files for adherence to Claude Code best practices, ensuring security and quality compliance.

Scans source code and git history for hardcoded secrets like API keys, passwords, and tokens to prevent security breaches.

Provides open-source SAST security scanning with community-driven rules for fast vulnerability detection without proprietary license constraints.

Analyzes application technology stack and security features using Microsoft Application Inspector to detect vulnerabilities and generate security reports.