4. Security & Compliance

Manages the creation and enforcement of new security policies and compliance rules within organizational systems.

Conversational security advisor that runs audits, explains findings, and suggests fixes for Clawdbot security issues.

Conducts security code reviews focusing on vulnerabilities, authentication, input validation, and OWASP risks.

Provides comprehensive definitions, root causes, impacts, and mitigation strategies for web vulnerabilities across OWASP-aligned categories.

Provides expert guidance on cryptographic best practices, including code reviews and security analysis for encryption, hashing, and secure channel implementation to prevent vulnerabilities.

Ensures required secure configuration files (e.g., google-services.json) exist in all environments (dev/stg/prd) for security compliance.

Enforces security best practices, RBAC permissions, and input validation for the RuoYi framework to prevent common vulnerabilities.

Assesses software features for security vulnerabilities, risk factors, and compliance through rigorous analysis and evaluation.

Provides comprehensive WordPress security assessments including vulnerability scanning, user/theme/plugin enumeration, and exploitation using WPScan.

Enables secure management of credentials and secrets using 1Password CLI, including desktop integration and secret injection for development workflows.

Reviews authentication and authorization patterns (JWT, OAuth2, RBAC) to secure APIs and implement robust access control systems.

Resolves a security flaw where preference toggling bypasses rate limits, causing email/notification spam due to flawed preference-based cooldown tracking.

Prevents common security vulnerabilities in Go applications through patterns for input handling, authentication, and secure coding practices.

Provides advanced security validation for Clawdbot including pattern detection, command sanitization, and real-time threat monitoring to prevent breaches.

Audits code line by line for cybersecurity vulnerabilities using the Dot Dager methodology.

Validates component ports against an 8-category compliance checklist to ensure security standard adherence.

Analyzes code changes pre-commit for security vulnerabilities, quality issues, and best practice violations.

Provides secure FastAPI implementation patterns and authentication best practices for API security.

Conducts comprehensive security audits and identifies system vulnerabilities to strengthen security posture and mitigate risks.

Specializes in implementing secure authentication systems including JWT, cookie-based auth, and MFA for robust application security.

Provides security review and vulnerability analysis for RetentionAI, covering authentication, data handling, and API security.

Provides security analysis, vulnerability scanning, and compliance checks to enhance system security and meet regulatory standards.

Provides security best practices for Node.js and web applications, emphasizing vulnerability reviews and secure implementation of authentication and data handling features.

Conducts comprehensive codebase audits to map structure, dependencies, and identify security risks for quality and compliance assessment.