4. Security & Compliance

Provides security review criteria aligned with OWASP Top 10, including severity levels and language-specific vulnerability checks.

Performs invariant-based code reviews to identify security vulnerabilities by testing assumptions and adversarial scenarios, reporting with severity and confidence evidence.

Prevents accidental leaks of secrets and credentials in code repositories via automated detection, removal, and documentation.

Automates copyright and licensing checks for images and assets to ensure site policy compliance.

Configures actor-based authorization, public/authenticated access, and custom authentication interceptors in JUDO Runtime for secure application deployment.

Detailed guide to JUDO's permission checking flow for CRUD operations, including debugging authorization failures and implementing custom authorizers.

Scans AI skill files for prompt injection, malicious instructions, and security risks to prevent exploitation.

Provides production-grade security features including authentication (JWT, API keys), authorization (RBAC), rate limiting, and request validation for secure application development.

Step-by-step guide for implementing custom authentication providers in JUDO applications, covering SSO, MFA, and identity integrations.

Automates security audits through vulnerability scanning and verification to identify and remediate security issues.

Runs on-demand security audits on user-specified work, using specialized auditors to identify and fix vulnerabilities.

Comprehensive guide for implementing JUDO Access Manager API features including authorization workflows, authentication interceptors, and access control integration.

Comprehensive guide to JUDO authentication pipeline, covering OAuth2/OpenID Connect configuration and integration with identity providers like Keycloak.

Configures OAuth client credentials for Interactor platform authentication, including account setup, client creation, token management, and secret rotation.

Provides anti-exploit systems for games, including sanity checks, secure networking, and data protection to prevent cheating and ensure fair play.

Manages OAuth authentication flows and credential handling for third-party service integrations, including token retrieval and status monitoring.

Manages iOS 18+ privacy manifest, permission flows (calendar/Siri), data protection, and App Store privacy labels for regulatory compliance.

Performs advanced vulnerability scanning and analysis, including OWASP 2025 compliance, supply chain security assessment, and risk prioritization.

Provides red team tactics based on MITRE ATT&CK, covering attack phases, detection evasion, and reporting guidelines.

Conducts security audits against OWASP standards, identifying vulnerabilities and reviewing code for security flaws.

Provides foundational security definitions, safety rules, and boundary protocols for GitHub skills to ensure secure tool usage and compliance.

Provides authentication utilities for Hono applications using better-auth, JWT, and OAuth for secure session management.

Displays current session status including authentication state and session validity for security and compliance monitoring.

Enforces a secure backup policy for Git commits and pushes, preventing data loss and ensuring commit integrity through automated checks.