4. Security & Compliance

Generates a decision-ready system risk report by synthesizing security and forensic analysis outputs.

Provides tools for implementing and debugging security patterns, authentication, authorization, and Clerk integration with Row-Level Security (RLS) policies.

Manages bash command permission rules through cc-allow.toml, enabling allow/deny, redirect, and pipe rule configuration for Claude Code.

Guides users in selecting Azure roles for least privilege access based on desired permissions, including application steps.

Conducts security code audits to identify vulnerabilities, hardcoded secrets, and OWASP-related issues in user-provided code.

Reviews software specifications to identify security, privacy, operational, and delivery risks for compliance and robustness.

Assesses safety and suitability of third-party MCP (Model Context Protocol) tools from repositories, providing plain-language evaluations and technical details on request.

Audits GitHub repositories for malicious code, data collection practices, and suspicious dependencies before installation.

Identifies security vulnerabilities in code and suggests improvement strategies.

Provides authentication and authorization solutions including JWT, OAuth2, OIDC, RBAC, and security analysis for login flows and identity management.

Administers Keycloak identity and access management, including user roles, OAuth 2.0, realm configuration, and token management.

Manages HashiCorp Vault for secure secrets storage, dynamic credentials, and security configuration including authentication, policies, and audit logging.

Manages identity and access control with OAuth2, OIDC, SAML, and SSO configurations through Keycloak's authentication flows and realm management.

Provides structured templates for code audits, security analysis, and performance reviews with extended thinking support.

Provides comprehensive container security guidance including vulnerability scanning, image hardening, secrets management, and CIS benchmark compliance.

Reviews Claude configuration files for security vulnerabilities, structural issues, and prompt engineering quality, detecting hardcoded secrets and insecure patterns.

Provides expert guidance on ISO standards, quality management systems, and regulatory compliance certification processes.

Provides expert guidance on healthcare systems, medical informatics, HIPAA compliance, and health data standards for secure and compliant operations.

Provides expert guidance on application security, including OWASP Top 10 vulnerabilities, penetration testing, and security best practices.

Assesses and enhances software projects for enterprise readiness through security validation, supply chain integrity (SLSA/SBOM), and OpenSSF compliance.

Conducts expert security audits, compliance validation, and vulnerability assessments for code and systems.

Delivers expert-level static code analysis using CodeQL to identify security vulnerabilities and ensure secure coding practices.

Generates attack hypotheses and validates security fixes for proactive vulnerability assessment and penetration testing.

Provides guidance on OWASP Top 10 vulnerabilities, authentication implementation, and secure coding techniques to prevent common security risks.