4. Security & Compliance

Automates NIST 800-53r5 control implementation, tagging, and evidence collection for security compliance frameworks.

Provides modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection.

Manages API keys, passwords, and sensitive data using HashiCorp Vault with NIST 800-53r5 SC-12 compliant rotation policies and detection tools.

Supports SOC operations including incident response, SIEM management, and threat hunting following NIST 800-61 guidelines.

Identifies and analyzes security threats like data and code tampering to protect system integrity and prevent malicious modifications.

Provides NIST compliance standards and best practices for security and regulatory environments.

Systematically applies STRIDE framework to identify security threats in authentication, file uploads, payments, and external API integrations.

Conducts formal compliance audits for standards like SOC2, PCI-DSS, HIPAA, and GDPR with enforced documentation requirements.

Enables STRIDE threat modeling, vulnerability assessment, and security architecture evaluation for comprehensive security analysis.

Comprehensive toolkit for evaluating Claude skills across security, quality, utility, and compliance dimensions, generating detailed markdown reports with scoring and recommendations.

Provides secure authentication solutions including JWT, API Key, and secure token/password storage for application security.

Provides secure methods for encrypting and decrypting data to protect sensitive information.

Checks license compatibility for Python package redistribution against SPDX database, ensuring legal compliance for building and distributing wheels.

Analyzes binaries, executables, and bytecode for security assessment, reverse engineering, and vulnerability identification.

Manages encrypted secrets (add, edit, rotate) securely using the agenix tool for sensitive credential handling.

Conducts security audits on changes affecting secrets, services, Terraform configurations, and host infrastructure to identify vulnerabilities.

Reduces false positives in security findings using adversarial agent to challenge existing claims, avoiding single-source verification.

Evaluates website safety through domain registration, WHOIS, DNS, and Trustpilot data to generate trust scores and security reports.

Scans a URL's HTTP security headers, scores the configuration, and provides recommendations for critical security headers like HSTS and CSP.

Scans source code for security vulnerabilities and unsafe patterns, enabling proactive security reviews before code commitment.

Scans code and dependencies for security vulnerabilities, providing critical insights for security audits and risk mitigation.

Specialized Android security analysis for APK auditing and ROM vulnerability research using JIAP (JADX + MCP).

Analyzes codebases for 12-Factor Agents compliance, enabling evaluation and auditing of LLM-powered agent architectures.

Provides solutions for Web security vulnerabilities in CTF challenges, including SQL Injection, XSS, and SSRF exploitation techniques.