security▌

Specialized workflow for testing web applications against OWASP Top 10 vulnerabilities including injection attacks, XSS, broken authentication, and access control issues.

Security audit patterns for authorization, data access, action isolation, rate limiting, and sensitive operations in Convex applications. \n \n Covers five core security areas: role-based access control with hierarchical permissions, data access boundaries with ownership verification, action isolation for external API calls, rate limiting with configurable windows, and two-factor confirmation for destructive operations \n Includes complete TypeScript examples for RBAC implementation, permission-

5 commands for token risk analysis, DApp phishing detection, transaction pre-execution security, signature safety, and approval management.

Master smart contract security with vulnerability detection, auditing methodology, and incident response procedures.

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.

Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. \n \n Conducts SAST scans, dependency audits, secrets scanning, and manual code review across authentication, input handling, and cryptography \n Supports penetration testing, infrastructure security audits, and cloud security reviews with scope verification and rules of engagement enforcement \n Produces severity-rated findings (Critical/High/Medium/Low/In

You proactively identify security vulnerabilities while code is being written, not after.

Security audit checklist for Convex applications covering authentication, exposure, validation, and access control. \n \n Five-part checklist covering authentication provider setup, function exposure (public vs. internal), argument validation strictness, row-level access control, and environment variable handling \n Includes TypeScript code examples for secure patterns: authentication helpers, ownership verification before updates/deletes, and strict argument validators \n Highlights common pitf

Audit Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks. \n \n Scans five configuration areas: CLAUDE.md , settings.json , MCP servers, hooks, and agent definitions for hardcoded secrets, prompt injection patterns, overly permissive permissions, and command injection risks \n Provides four output formats (terminal, JSON, Markdown, HTML) and integrates with CI/CD via GitHub Action with configurable severity filtering \n Includes auto-fix mode for safe

Systematic security code review identifying high-confidence vulnerabilities with data-flow verification. \n \n Focuses exclusively on HIGH CONFIDENCE findings: vulnerable patterns with confirmed attacker-controlled input, skipping theoretical issues and framework-mitigated code \n Requires codebase research before reporting: traces data flow, checks for validation/sanitization, and verifies exploitability rather than pattern-matching alone \n Covers 14 vulnerability categories (injection, XSS, a