4. Security & Compliance

Analyzes security patterns, identifies vulnerabilities, and reviews authentication, authorization, and secure coding practices.

Enforces core behavioral rules and safety principles that must be consistently applied across all system operations.

Guides secure secret storage using platform-native methods via app_secure_storage package.

Checks application security configurations including HTTPS, CORS, security headers, and cookie settings for vulnerabilities.

Enforces secure coding practices via CodeGuard security checks, covering input validation, secrets management, and OWASP countermeasures.

Automates security vulnerability scanning for OWASP Top 10 and secure coding practices, integrated with codex-review.

Performs comprehensive security scans to detect OWASP Top 10 vulnerabilities, sensitive data leaks, dependency flaws, and misconfigurations.

Scans code and configuration files for sensitive data leaks including API keys, passwords, and tokens.

Scans project dependencies for known vulnerabilities, outdated versions, and security risks to enhance application security.

Conducts deep code security reviews to identify injection attacks, XSS, CSRF, and authentication/authorization vulnerabilities.

Manages enterprise authentication configuration via WorkOS, including OAuth, SSO, SCIM, and user management for secure access control.

Scans local branch changes for bugs, security flaws, and code quality issues to support security reviews and code audits.

Audits AWS CDK stacks for security best practices including IAM least privilege, encryption, secret management, and public access controls.

Configures pattern-radar sources, weights, and domains for security pattern detection and monitoring.

Guided workflow for reverse engineering black-box systems to decode APIs, replicate features, and analyze unfamiliar code or data formats.

Comprehensive security scanning tool for OWASP Top 10, authentication, authorization, and data protection with automated vulnerability assessment.

Comprehensive guide to configuring roles, user permissions, and data masking in Frappe/ERPNext for secure access management.

Conducts security reviews and vulnerability detection against OWASP API Top 10 standards for the specified development language.

Audits websites against Opquast V5 standards, covering accessibility, SEO, security, and key web quality metrics.

Forensic data audit system for analyzing distributed files across sources like Google Drive and Notion, with deduplication, classification, and compliance reporting.

Performs comprehensive security audits on Kubernetes clusters to identify vulnerabilities, misconfigurations, and compliance gaps including CIS benchmark checks.

Audits Supabase queries to enforce workspace_id filtering and validate access for security compliance.

Enforces NRPG Platform conventions including NextAuth cookie sessions, tenant safety, and contractor privacy through automated compliance checks.

Automates security vulnerability scanning for Python code, identifying OWASP Top 10 risks including SQL injection, XSS, and hardcoded secrets.