4. Security & Compliance

Provides security and environment configuration standards for web applications, including environment variable management and secure deployment practices.

Scans React Native and Expo applications for security vulnerabilities, hardcoded secrets, and unsafe patterns to ensure secure code before merging.

Performs code and policy reviews to detect and classify defects without suggesting improvements.

Troubleshoots PII encryption/decryption issues including ciphertext display and decryption failures in secure data systems.

Provides comprehensive security guidance for Cloudflare, including WAF configuration, Zero Trust setup, rate limiting, and DDoS protection.

Restores critical system instructions to prevent degradation, ensuring proper tool usage, delegation, and adherence to safety constraints.

Provides safety checks and best practices for devnet vs mainnet environment management to prevent accidental mainnet deployments and fund loss.

Analyzes Istio, Consul, and Linkerd service mesh configurations for security vulnerabilities and maps to NIST 800-53 for compliance audits and FedRAMP readiness.

Audits GitHub repositories for security vulnerabilities and implements security best practices including secret scanning and dependency checks.

Provides secure authentication and route protection for FastAPI applications using JWT and Better Auth.

Provides authentication and security tools for Dutch government software, supporting DigiD, eHerkenning, OAuth, OIDC, and PKIoverheid standards.

Scans code for security vulnerabilities and anti-patterns, providing feedback on issues related to user input, sensitive data, and security best practices.

Provides security best practices and guidelines for the Jarvy CLI codebase, which executes system commands with elevated privileges.

Conducts comprehensive code audits to identify security vulnerabilities, dependency risks, and improper data handling practices.

Performs network reconnaissance and vulnerability scanning to identify security weaknesses in target systems for penetration testing.

Provides security vulnerability analysis, threat modeling, and regulatory compliance reviews (FDA/DoD/CRA/SOC2) with an attacker mindset.

Provides security testing methodologies for detecting and mitigating Sybil attacks in networked applications.

Reviews BOMvault code for security vulnerabilities, regulatory compliance, and multi-tenancy safety to ensure tenant isolation and RLS adherence.

Manages trusted domain policies and security assessment patterns for WebFetch permissions, ensuring secure web access.

Conducts security code reviews and vulnerability checks to identify and mitigate potential security risks in software.

Manages and fixes permissions in Claude Code, supporting operations like add, remove, consolidate, and ensure access control.

Specializes in application security, vulnerability assessment, penetration testing, and security auditing to implement robust security controls across the SDLC.

Expert in secure JWT implementation, token management, and OAuth 2.0 integration for RESTful API authentication.

Automates prioritization of Java security findings during plan-finalize phase to streamline vulnerability remediation.