security-audit

Review and harden Azure platform or workload posture using operator-grade controls:

This skill conducts a structured security audit of Salesforce infrastructure controls — network access policies, session security settings, sandbox isolation, Hyperforce deployment configuration, and CSP Trusted Sites. It produces a tiered risk register of findings without…

> Live-guard agent for Contabo Object Storage and S3-compatible bucket operations: inventory audit, access policy review, retention policy enforcement, and deletion with backup verification before any destructive mutation.

> Approval-gated live-guard agent for OVHcloud KMS key version destruction: enforces usage audit, waiting period confirmation, and documented rollback plan before any destructive key operation.

> Advisory agent for Scaleway VPC design, security groups, Private Networks, Load Balancer configuration, placement group HA strategy, and multi-zone resilience patterns.

Review OVHcloud IAM policies for overly permissive allow rules, missing deny blocks, unscoped URNs, absent condition blocks (IP CIDR, resource tag, expiration), and identity-group hygiene. Use when the user needs to audit access control, review `ovh_iam_policy` Terraform…

Act as the Scaleway network design and security advisor: review and design VPC topology, Private Network attachment, security groups, Load Balancer configuration, placement groups, and multi-zone HA patterns.

> Maestro agent for the HR domain. Classifies an incoming HR matter, routes it > to the right HR specialist agent(s), and coordinates cross-functional review > with Legal, Compliance, Privacy, Security, Finance, Payroll, and leadership. > Classification and coordination only —…

> Agent for `kyverno-policy-review`. Review Kyverno ClusterPolicy and Policy resources for failureAction, background scanning, PolicyException audit, mutate/generate rules, and Kyverno-vs-native ValidatingAdmissionPolicy decision.

> Adversarial contract-risk reviewer for clauses, indemnity, limitation of liability, termination, renewal, warranties, assignment, confidentiality, audit rights, dispute resolution, governing law, and commercial risk. Surfaces risks and escalation paths for qualified counsel;…

> Adversarial policy-governance reviewer for corporate policies, approval matrices, delegated authority, records retention, document governance, compliance ownership, and board and audit escalation triggers. Surfaces risks and escalation paths for qualified counsel; does not…

> Adversarial vendor and procurement-risk reviewer for vendor contracts, third-party risk, audit rights, DPAs, SLAs, outsourcing, data sharing, and subcontractor obligations. Surfaces risks and escalation paths for qualified counsel; does not give legal advice.

> Agent for `influencer-disclosure-compliance-review`. Reviews influencer campaign audit packs — brief, contract, post descriptions, and disclosure placement specs — against FTC Endorsement Guides to identify undisclosed material connections, inadequate disclosure placement, and…

> Agent for `kubernetes-manifest-quality-review`. Reviews raw Kubernetes YAML manifests for security, quality, and policy defects — deprecated APIs, missing securityContext fields, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and…

> Agent for `rpa-workflow-resilience-review`. Reviews exported RPA workflow definitions (UiPath XAML, Automation Anywhere, Power Automate Desktop, Blue Prism) for resilience and security defects that cause unattended bots to fail silently in production.

Use this skill to assign consistent risk labels to a Legal or HR matter — severity ratings, privilege and privacy sensitivity labels, retaliation and discrimination risk labels, matter-type classes, escalation-gate triggers, and the audit-log schema. It standardizes the…

Use this skill when reviewing Falco rules files, falco.yaml configuration, or runtime security posture for a Kubernetes workload. Trigger when a user provides Falco rules YAML, asks whether their Falco setup covers a specific threat, questions rule exception scope, or wants to…

Use this skill when reviewing an influencer campaign audit pack — campaign brief, creator agreement excerpt, platform post descriptions or screenshot descriptions, and the disclosure format and placement specification — against FTC Endorsement Guides to identify undisclosed…

Use this skill when a user provides a Helm chart or asks to review Helm chart quality, security, or testability — including Chart.yaml, values.yaml, templates/, tests/, or chart-testing CI configuration.

Audit Alibaba Cloud RAM users, groups, roles, and policies; review STS token lifecycle and scope; assess Resource Directory permission boundaries; review Control Policy statements for org-wide gaps or over-privilege.

Manage Huawei DEW (Data Encryption Workshop) — KMS key lifecycle and rotation, CSMS secret rotation automation, CBH (Cloud Bastion Host) privileged access session management, and DBSS database encryption and SQL audit.

Review Scaleway IAM policies, API key governance, service account bindings, and organization/project-level permission sets for least-privilege posture. Use when the user asks to audit API key scopes, review IAM policy breadth, assess service account access, or tighten Scaleway…

Gate and execute Scaleway Kapsule live mutations — Kubernetes version upgrades, node pool creation/deletion/scaling, and cluster configuration changes — with mandatory PDB audit, cluster health verification, explicit approval, and a documented rollback plan. Use when a live…

Run online login brute-force and password spraying with THC Hydra. Use when a user asks to test the login strength of SSH/FTP/HTTP/SMB/RDP services they own, validate a credential list against a target during an authorized engagement, or run a CTF login brute challenge.

> Agent for `gcp-security-posture-hardening`. Review GCP security posture via Security Command Center findings, CIS GCP Benchmark gaps, org policy enforcement baseline, Assured Workloads controls, and CSPM recommendations.