4. Security & Compliance

Provides red team tactics based on MITRE ATT&CK framework, covering attack phases, detection evasion, and reporting methodologies.

Validates CLAUDE.md configurations against Anthropic documentation, security best practices, and compliance standards to detect violations before committing changes.

Conducts proactive WCAG 2.2 Level AA accessibility audits for React/TypeScript applications with risk-based scoring and MUI framework awareness.

Enforces strict security rules for Docker Compose, prohibiting environment variable exposure to prevent secret leakage in containerized applications.

Provides role-based authorization patterns for erify_api using JSONB roles/permissions, AdminGuard, and multi-scope access control.

Securely stores application secrets in AWS Secrets Manager or Parameter Store, eliminating hardcoded credentials in code and IaC.

Enforces infrastructure security and compliance policies using OPA, Conftest, Checkov, and SCPs to audit IaC configurations.

Provides secure IAM policy patterns for least privilege access in AWS, including scoped permissions, permission boundaries, and IRSA for Kubernetes workloads.

Automates secrets rotation via AWS Secrets Manager, Lambda rotators, and SSM Parameter Store for secure credential management.

Enforces mandatory tagging policies for cost allocation, security ownership, and regulatory compliance across cloud infrastructure.

Enforces a two-person approval process for executing destructive commands, preventing accidental or unauthorized system modifications.

Adds OAuth or JWT authentication to MCP servers for secure access control and user verification.

Provides step-by-step guidance for integrating authentication providers such as OAuth and JWT into applications.

A destructive skill that deletes other installed skills. Use at your own risk; may cause system instability.

Manages explicit identity verification and authentication mechanisms across system boundaries to ensure secure access and compliance.

Provides authentication, authorization, and security features for LifeOS including login, passkeys, API keys, and password reset functionality.

Searches and analyzes over 50,000 smart contract vulnerabilities using Cyfrin Solodit's MCP tools for efficient security auditing.

Enables secure user data import/export workflows while ensuring GDPR compliance for privacy features and regulatory requirements.

Provides formal verification of lattice-based cryptographic schemes including LWE, SIS, and RLWE with security reductions in Isabelle/HOL.

Provides a comprehensive security audit checklist based on OWASP Top 10 for vulnerability assessment and code security review.

Enforces EMMA's architectural principles, ADR compliance, schema invariants, and Responsible AI boundaries before any change affecting data models or AI behavior.

Expert assistance with Clerk authentication, user management, and session handling, including Next.js integration for secure implementation.

Researches secure authentication patterns, flows, and session management using Exa code search and Ref documentation for improved security practices.

Provides expert guidance on web security, covering OWASP Top 10, authentication, authorization, and secure coding practices to prevent vulnerabilities.