4. Security & Compliance

Configures allowed commands for AI agents in permission settings, enhancing security for OpenCode and Claude Code platforms.

Automates MIT license compatibility checks for project dependencies, identifying non-compliant licenses and generating audit reports for Node.js and Rust projects.

Analyzes dismech knowledge base compliance by checking disorder file completeness, identifying missing ontology terms/evidence, and applying weighted priority scoring for systematic coverage enhancement.

Consults external AI models via LiteLLM for security audits, architectural reviews, and deep code analysis with async session management.

Runs WCAG 2.1 accessibility audits on Webflow pages, checking elements like forms and keyboard navigation, and generates remediation reports.

Audits Firebase code for security compliance, configuration, and best practices, ensuring adherence to Firebase security model and rules.

Performs deep static analysis on binary executables using radare2 and Ghidra for disassembly, decompilation, and function analysis.

Provides installation and configuration guides for reverse engineering tools including radare2, Ghidra, GDB, and QEMU.

Quickly identifies architecture, ABI, dependencies, and strings in unknown binaries (ELF, executables, firmware) using rabin2.

Analyzes binary execution via QEMU emulation, GDB debugging, and Frida hooking for syscall tracing, memory inspection, and function interception.

Enables reverse engineering of binaries via IDAPython scripts for disassembly, decompilation, string analysis, import tables, and cross-references.

Provides technical vulnerability check items from KISA and Financial Security Agency for server (Unix/Windows) and web penetration testing assessments.

Reviews code for security vulnerabilities including OWASP Top 10, credentials, and injection flaws during auth, input handling, and API development.

Supports ISMS-P certification preparation with item lookup, checklist generation, and implementation planning.

Supports electronic financial supervision regulations certification by enabling clause inquiries, checklist generation, and implementation planning.

Generates regulatory compliance documentation for projects requiring FSS, ISMS, or PCI DSS standards. Streamlines setup of compliance frameworks.

Validates software implementation against specified requirements, acceptance criteria, and design documents.

Specializes in implementing secure backend practices including input validation, authentication, and API security to prevent common vulnerabilities.

Provides secure mobile coding practices including input validation, WebView security, and mobile-specific security patterns for implementation and code reviews.

Specializes in implementing and reviewing frontend security measures to prevent XSS and ensure safe client-side code execution.

Conducts comprehensive security audits, vulnerability assessments, and ensures compliance with GDPR, HIPAA, and SOC2 frameworks.

Prevents accidental execution of destructive or irreversible actions by validating them through a quality assurance gate before proceeding.

Provides red team-style security critiques to identify vulnerabilities, weak assumptions, and edge cases in code and plans.

Fixes memory-related issues identified by mem-audit, with a dry-run preview feature to safely apply changes.