Audits Move contracts for security vulnerabilities before deployment using 7-category checklist. Triggers on: 'audit contract', 'security check', 'review security', 'check for vulnerabilities', 'security audit', 'is this secure', 'find security issues'.

Probe for hardcoded secrets, injection surfaces, unguarded routes, business logic flaws, and platform-specific weaknesses across backend (Node, Go, Java, Python, Rust), frontend (React, Angular, Vue), and mobile (iOS, Android, Flutter) codebases. Use when performing security audits, vulnerability scans, secrets detection, or penetration testing.

Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations

Comprehensive AWS security posture assessment using AWS CLI and security best practices

Security Auditor Agent. 보안 감사, 취약점 분석, 컴플라이언스 검토를 담당합니다. 보안, 감사(audit), 취약점, 컴플라이언스 관련 요청 시 사용됩니다.

Analyze code, infrastructure, and configurations by conducting comprehensive security audits. It leverages tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, and cryptography review. Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.

Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.

**ANALYSIS SKILL** — Azure compliance and security auditing: best practices, Key Vault expiration monitoring, resource validation. WHEN: "compliance scan", "security audit", "Key Vault expiration check", "expired certificates", "orphaned resources". DO NOT USE FOR: cost analysis (azure-cost-optimization), governance discovery (azure-governance-discovery).

Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.

Audit wallet security by analyzing token approvals, permissions, and transaction patterns. Use when checking wallet security, reviewing approvals, or assessing risk exposure. Trigger with phrases like "audit wallet", "check approvals", "security scan", or "revoke tokens".

Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks

Audit cloud infrastructure (AWS, GCP, Azure) for misconfigurations, excessive permissions, and security gaps. Use when the user mentions 'cloud security,' 'cloud audit,' 'AWS security,' 'GCP security,' 'Azure security,' 'IAM audit,' 'S3 bucket,' 'cloud misconfiguration,' 'cloud hardening,' or needs to review cloud infrastructure security.

Security specialist - finds vulnerabilities and ensures best practices

Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling

Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and OPA/Rego policies to detect overly permissive IAM policies, public resource exposure, missing encryption, and insecure defaults before cloud deployment.

When the user needs a security assessment — threat modeling, vulnerability review, auth flow audit, dependency scanning, or says "is this secure", "review for vulnerabilities", "threat model", "security audit", "pen test prep".

Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.

A general skill for performing security reviews and auditing codebases for vulnerabilities. ALWAYS run this at the end of each task.

A general skill for performing security reviews and auditing codebases for vulnerabilities. ALWAYS run this at the end of each task.