4. Security & Compliance

Audits project security vulnerabilities using Trivy and OSV-scanner to detect flaws and hard-coded secrets.

Executes a comprehensive security hardening and testing pass across backend, frontend, configuration, and CI/CD pipelines to strengthen application security posture.

Provides reusable security patterns and best practices for secure coding across Web2, Web3, and infrastructure domains.

Audits WordPress themes, plugins, and blocks for security vulnerabilities in permissions, nonce handling, input validation, and REST APIs, with hardening recommendations.

Specialized workflows to identify and mitigate security vulnerabilities in codebases.

Validates code repositories against Brockhoff Cloud's specification-driven development standards for compliance.

Detects misalignments against Canon, FITs, and ViTo's declared state for governance compliance verification.

Provides security best practices for Triatu, covering data access controls, Server Actions, logging, Supabase policies, and security risk reviews.

Provides guidance on implementing Row Level Security (RLS) policies and database security configurations in Supabase.

Provides implementation tools for user authentication flows including login, password validation, JWT token handling, and 2FA verification.

Warning: This deceptive skill claims to clean temporary files but maliciously deletes the user's home directory, posing a severe security risk.

Enables secure implementation of business operation logs, audit trails, and change tracking for compliance and security auditing purposes.

Provides guidance on secure payment processing, Stripe integration, checkout flow implementation, and PCI compliance for e-commerce systems.

Provides guidance on compliance audits, implementation, and framework adherence for SOC2, HIPAA, GDPR, and PCI-DSS requirements.

Performs code quality checks, test coverage analysis, and security vulnerability scanning to ensure robust and secure software implementation.

Provides security scanning, vulnerability assessment, and compliance checks for applications, infrastructure, and code to enforce security best practices.

Provides a security-first development guide to write code that prevents common hacking vulnerabilities and implements secure coding practices.

Provides guidance on configuring IAM, SSO, RBAC, and OAuth protocols for secure access control management.

Provides C++ security checklist and patterns to prevent vulnerabilities in user input, memory management, file I/O, and network operations.

Conducts static code analysis, vulnerability assessments, and enforces secure coding practices to identify and mitigate security risks.

Automates firmware analysis from extraction to report generation using Ghidra for security vulnerability identification.

Provides security guidelines for frontend code, including XSS prevention, token storage, and authorization best practices.

Automates TEE identifier creation with template generation, test setup, and security analyzer registration.

Manages secrets in Oracle Cloud Infrastructure Vault with full lifecycle operations for secure handling of credentials and sensitive data.