4. Security & Compliance

Automated code auditing agent that detects bugs, security flaws, and performance issues in source code.

Provides a defense manual against AI hacking threats including prompt injection, smuggling, and agentic exploits.

Provides authentication, RBAC, and security hardening standards for NestJS applications.

Comprehensive guide to OWASP Top 10:2025 web security vulnerabilities, including prevention methods and CWE references for security audits and code reviews.

Provides secure coding guidelines and best practices for TypeScript to prevent common vulnerabilities in application development.

Conducts comprehensive codebase audits for release readiness, identifying cruft via parallel exploration of code, docs, config, tests, and specs with interactive triage.

Centralized repository for architectural standards and security protocols, defining the foundational rules of the indiiOS codebase.

Implements secure authentication and authorization patterns using Clerk and Role-Based Access Control (RBAC).

Manages Supabase authentication sessions, user state persistence, and secure session handling for application access control.

Performs automated security vulnerability scanning and dependency audits to identify risks and enforce security best practices.

Provides secure implementation of authentication, authorization, data protection, and vulnerability checks for applications.

Provides a detailed checklist to validate implementation plans against safety and compliance contracts, ensuring adherence to required standards.

Validates implementation plans against safety contracts with a fail-closed checklist to enforce security compliance.

Provides security checklists and patterns for authentication, input validation, secrets management, and secure API development.

AFL++ enhances C/C++ security testing with multi-core fuzzing capabilities to identify software vulnerabilities efficiently.

Analyzes smart contract codebases to identify state-changing entry points for security auditing, categorizing functions by access level and generating structured reports.

Analyzes the Trail of Bits Testing Handbook to generate Claude Code skills for security testing tools and techniques.

Professional tool for identifying web application security vulnerabilities via HTTP interception and automated vulnerability scanning.

Provides security expertise for React, Next.js, and NestJS applications, covering OWASP Top 10, authentication, authorization, and data protection best practices.

Creates custom Semgrep rules to detect security vulnerabilities and bug patterns in code through static analysis.

Guides secure configuration of Claude Code permissions in settings.json, covering allow, ask, deny rules for tool access and security hardening.

Provides authentication best practices for Better Auth framework, supporting email/password, OAuth, magic links, and Passkey via plugins.

Audits code for security vulnerabilities and ensures compliance with the Nexus Sovereignty Protocol.

Specialist in secure multi-tenant credential management with encryption, scope control, and Vault integration.