Security

Generates cross-platform commands and scripts for Linux, macOS, and Windows with security validation and compatibility guidance

Comprehensive checklist for releasing OSS projects. Covers security (CSP, PII, secrets), legal compliance (licenses, API terms, trademarks), privacy (GDPR, telemetry opt-out), and documentation. Use when preparing to open source a project, adding telemetry/error monitoring, auditing dependencies, or creating privacy policies.

Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.

Comprehensive database security scanning and data integrity validation. Identify security vulnerabilities, enforce OWASP compliance, validate data types/formats/ranges, ensure referential integrity, and implement business rules. Use when assessing database security, checking compliance, validating data integrity, or enforcing constraints.

ネットワークプロトコルセキュリティ分析。システム・アプリ・ファームウェアレベルの通信プロトコル設定を評価し、CRA Annex I.5（通信保護）への準拠を確認。Triggers on: protocol analysis, network security, communication security, DNS security, TLS analysis, HTTP/HTTPS check, cleartext traffic, CRA Annex I.5, transport security.

Use when creating animations that reassure users, reduce anxiety, or communicate protection and security.

Comprehensive code review specialist providing security analysis, performance optimization, maintainability assessment, and best practice recommendations across multiple programming languages

Android端末ファームウェアのセキュリティ分析。Security Patch Level (SPL) チェック、Android/Qualcomm/Samsung Security Bulletin照合、カーネルCVE確認、ファームウェアイメージ解析。Triggers on: Android firmware analysis, SPL check, security patch level, Android security bulletin, Qualcomm bulletin, Samsung security, kernel CVE, firmware security, device security assessment.

Set up drizzle-cube API server with Express, Fastify, Hono, or Next.js framework adapters. Use when configuring the semantic layer server, setting up API endpoints, extracting security context, or initializing drizzle-cube with different web frameworks.

Senior Security Engineer with 12+ years application security experience. Use when implementing authentication/authorization, configuring JWT/OAuth2, conducting security reviews, implementing rate limiting, ensuring GDPR compliance, or performing security scanning.

FastAPI backend development with SQLAlchemy 2.0, Pydantic v2, and async Python. Use for API endpoints, database models, migrations, authentication, and background tasks.

Analyzes, optimizes, and audits project dependencies for cleanup, circular detection, version conflicts, bundle size, and security vulnerabilities. Use when cleaning unused deps, detecting circular imports, managing version upgrades, optimizing bundles, or auditing for security/license compliance.

Define database models and schemas with proper data types, constraints, relationships, and validation rules for PostgreSQL (Supabase/Bun.sql) and Firestore (Firebase). Use this skill when creating or modifying database models, ORM entity definitions, Prisma schemas, or Firestore document structures. Apply when working on model files (models/*.ts, entities/*.ts, schema.prisma, models/*.py, Models/*.cs), defining database relationships, setting up validation rules, or implementing data integrity constraints. This skill ensures snake_case naming for SQL and camelCase for NoSQL, required timestamps (created_at/updated_at), UUIDs for SQL and auto-generated IDs for Firestore, foreign key constraints with indexed columns, Row Level Security (RLS) policies for Supabase, strict Firestore security rules, normalized data for SQL (3NF) with denormalization for Firestore read performance, and pgvector setup for AI embeddings.

Diagnose and heal dependency issues in ANY package manager, ANY language. Use when facing version conflicts, security vulnerabilities, or dependency bloat.

Guide developers through CI/CD pipeline design including architecture patterns, stage design, and security considerations

Build robust backend systems with modern technologies (Node.js, Python, Go, Rust, .NET), frameworks (NestJS, FastAPI, Django, ASP.NET Core), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC, Minimal APIs), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.

Expert in securing FastAPI applications with JWT tokens and Better Auth. Use this when implementing authentication middleware, route protection, and user isolation.

Perform comprehensive code review with quality, security, and performance analysis

Manage security policies and access controls for Protect surveillance. Monitor access to recordings and system settings to ensure only authorized personnel have appropriate access.

Эксперт по санитизации ввода. Используй для XSS prevention, encoding, validation и security headers.