4. Security & Compliance

Detects security vulnerabilities in blockchain tokens including fee-on-transfer, rebasing, and callback patterns.

Provides critical security patterns for LayerZero cross-chain integrations, preventing vulnerabilities in peer validation, message composition, and gas configuration.

Detects DeFi security vulnerabilities including price manipulation, oracle staleness, and flash loan attacks using a Price Flow Map artifact.

Generates project-specific security review frameworks and sub-agent configurations for backend, frontend, and infrastructure without performing actual audits.

Provides security patterns for auditing ERC4626 vault smart contracts, addressing critical vulnerabilities like inflation attacks and first depositor exploits.

Provides security checklists and patterns for authentication, input validation, secrets handling, and secure API development in sensitive features.

Analyzes system documentation to extract invariants, trust assumptions, and protocol types for security audit reconnaissance.

Detects critical logical errors and security vulnerabilities in smart contract code using pattern analysis and calculation flow mapping.

Applies Florian Roth's detection engineering methodology to create portable, high-quality YARA and Sigma rules for cross-platform security threat detection.

Applies Roberto Rodriguez's threat hunting methodology using Threat Hunter Playbook and HELK for documented, data-driven security hunts in open-source environments.

Applies David Bianco's Pyramid of Pain and Threat Hunting Maturity Model to prioritize threat detection strategies and assess hunting program maturity.

Applies Google's continuous fuzzing methodology via OSS-Fuzz and ClusterFuzz for automated security vulnerability detection and triage in CI/CD pipelines.

Applies MITRE ATT&CK framework to map threats, build detections, and assess defensive coverage.

Performs deep defensive audits on Go and Kubernetes codebases to ensure production readiness by identifying race conditions, resource leaks, and lifecycle compliance issues.

Generates security audit documentation using a standardized template for vulnerability assessments and security reviews.

Verifies and enforces coding standards, AI guidelines, and workspace compliance across repositories to ensure adherence to development best practices.

Manages secure user authentication flows including login, registration, session handling, and password recovery for application access control.

Provides guidelines for requiring user consent on sensitive operations to prevent unauthorized actions and ensure compliance.

Provides security guidelines for system operations including network configuration (iptables), container management (Docker), and database schema changes (DDL).

Automates secure secret management by detecting plaintext secrets, converting environment files, and injecting secrets via 1Password CLI for enhanced security compliance.

Performs security audits on Rust and WebAssembly applications, identifying vulnerabilities and ensuring adherence to OWASP and Rust security best practices.

Conducts security audits to identify vulnerabilities in code, especially before releases, after auth changes, and when handling sensitive data.

Automated bug detection tool identifying security vulnerabilities and common coding errors across multiple languages, integrating with quality gate workflows.

Advanced vulnerability analysis tool for OWASP 2025, supply chain security, and risk prioritization.