Expert in secure backend coding practices specializing in input

安全自动化的专业技能和方法论

Security auditing, vulnerability scanning, and compliance validation for OWASP, SOC2, GDPR, and other standards.

Master smart contract security with auditing, vulnerability detection, and incident response

Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.

Configure network security groups and firewall rules to control inbound/outbound traffic and implement network segmentation.

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP...

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP...

Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.

Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations

Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations

Scan for unprotected MCP servers using @contextware/mcp-scan package. Enables security auditing of local AI tools and network endpoints.

Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling

Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling

Security Incident Report templates drawing from NIST/SANS. DDoS post-mortem, CVE correlation, timeline documentation, and blameless root cause analysis.

Use when user needs Active Directory security analysis, privileged group design review, authentication policy assessment, or delegation and attack surface evaluation across enterprise domains.

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. It provides a comprehensive security...

Credential exposure detection, OAuth flow validation, API key management testing, and data sanitization verification for n8n workflows. Use when validating n8n workflow security.

Use when symfony api platform security

Conduct comprehensive security compliance audits for SOC 2, GDPR, HIPAA, PCI-DSS, and ISO 27001. Use when preparing for certification, annual audits, or compliance validation.