4. Security & Compliance

Network utility for TCP/UDP data transfer, port scanning, and authorized penetration testing including reverse shells.

Analyzes authentication and authorization patterns to identify security vulnerabilities in application design.

Enables independent verification of task completion, eliminating self-attestation to enhance reliability and trust in process outcomes.

Scans code repositories to identify and alert on accidentally committed secrets, credentials, and sensitive data.

Scans web servers for vulnerabilities, misconfigurations, and outdated software to ensure security compliance and hardening.

Enables endpoint forensic investigations, threat hunting, and incident response using Velociraptor Query Language (VQL) for scalable security analysis.

Enables UART console interaction with IoT devices using picocom for penetration testing, including device enumeration and vulnerability discovery.

Performs security audits on command execution, tool permissions, and API key handling to identify vulnerabilities before production deployment.

Enforces file system and network isolation boundaries for Claude Code sandboxes to enhance security and prevent unauthorized access.

Runs a local SharePoint audit by verifying dependencies, executing PowerShell with certificate auth, parsing results, and generating Markdown/HTML reports.

Performs security audits on code, architecture, and infrastructure, including threat modeling and security reviews of pull requests.

Provides structured methodologies for network reconnaissance, port scanning, service fingerprinting, and vulnerability identification with best practices for data collection.

Scans IaC files for security misconfigurations and compliance violations against standards like CIS and PCI-DSS.

Performs rapid vulnerability scanning using Nuclei templates for web applications, APIs, and infrastructure, covering CVEs and OWASP Top 10.

Enforces security and compliance policies across infrastructure and applications using Open Policy Agent (OPA) for frameworks like GDPR, HIPAA, and SOC2.

Validates and implements HTTP security headers to enhance web application security against common vulnerabilities.

Performs security validation, vulnerability scanning, and compliance checks to ensure system security and regulatory adherence.

Processes administrative cases for Crown fiduciary duty negligence, including fund mismanagement and reserve land protection failures.

Automated security analysis tool detecting critical vulnerabilities like SQL injection, XSS, and CSRF across multiple programming languages and frameworks.

Autonomously orchestrates penetration testing workflows including reconnaissance, exploitation, and privilege escalation until target flags are captured.

Real-time constitutional compliance checker for development documents, blocking insecure practices like hardcoded secrets and incomplete implementations during editing.

Analyzes network traffic patterns using DPI to identify applications, monitor bandwidth, and optimize traffic management for security and efficiency.

Analyzes binary files (exe, dll, etc.) for malware, extracts technical details, and provides threat assessment. Triggered by safety queries.

Provides installation and configuration guides for reverse engineering tools including radare2, Ghidra, GDB, and QEMU to support security analysis and malware research.