4. Security & Compliance

Prevents destructive operations by AI coding agents through a Rust-based safety hook that blocks dangerous commands like 'rm -rf' and 'git reset'.

Automates OWASP Top 10 vulnerability scanning and provides remediation guidance.

Performs security vulnerability and license compliance audits on software dependencies to ensure safe and legal usage.

Designs security controls including authentication, authorization, threat modeling, and data protection based on system architecture and data artifacts.

Scans code repositories and configurations for exposed secrets, credentials, and API keys to prevent security breaches.

Validates and generates secure HTTP headers configurations to protect web applications from common vulnerabilities.

Provides secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities.

Reviews code for security vulnerabilities using OWASP guidelines and static analysis to enforce secure coding practices.

Performs comprehensive codebase analysis to identify security vulnerabilities, technical debt, and assess overall code health for compliance and quality assurance.

Provides security best practices to prevent vulnerabilities in user input handling, authentication, and data storage.

Enforces Supabase backend security through schema validation, Row-Level Security (RLS) policy enforcement, and API security best practices to prevent data breaches.

Builds secure authentication integrations for TypeScript/JavaScript applications with secure defaults, supporting bootstrapping, migration, and feature addition.

Comprehensive project auditor delivering multi-dimensional analysis across security, code quality, infrastructure, and performance with confidence-tracked findings.

Generates a security review from a Product Requirements Document (PRD), explicitly outlining security requirements, threats, and mitigations before development begins.

Optimizes Claude Code security settings by analyzing permissions, detecting risks, and migrating to secure sandbox configurations for enhanced safety.

Customizes security protection patterns for projects, allowing rule adjustments, command permissions, and path-specific configurations to meet security needs.

Scans code repositories for accidental exposure of secrets and sensitive data prior to public commits.

Provides security checklist and patterns for authentication, input handling, secrets management, and secure API development in sensitive features.

Manages MagicLink authentication service across backend, storage, and UI with enforced security, TTL, and revocation policies.

Expert implementation guidance for Identity and Access Management (IAM) systems including authentication, RBAC, and multi-tenancy logic.

Provides anonymization utilities for vaccine development and clinical trial data to ensure compliance with privacy regulations.

Anonymizes patient data for medical case reports and academic presentations to meet privacy regulations and protect sensitive information.

Anonymizes educational materials to remove personal identifiers, ensuring compliance with data privacy regulations.

Audits cryptocurrency wallet security by reviewing private key management and transaction signing to identify vulnerabilities.