Security

Python-based threat modeling using pytm library for programmatic STRIDE analysis, data flow diagram generation, and automated security threat identification. Use when: (1) Creating threat models programmatically using Python code, (2) Generating data flow diagrams (DFDs) with automatic STRIDE threat identification, (3) Integrating threat modeling into CI/CD pipelines and shift-left security practices, (4) Analyzing system architecture for security threats across trust boundaries, (5) Producing threat reports with STRIDE categories and mitigation recommendations, (6) Maintaining threat models as code for version control and automation.

Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark. Use when: (1) Analyzing Dockerfiles for security misconfigurations and anti-patterns, (2) Enforcing container image security best practices in CI/CD pipelines, (3) Detecting hardcoded secrets and credentials in container builds, (4) Validating compliance with CIS Docker Benchmark requirements, (5) Integrating shift-left container security into developer workflows, (6) Providing remediation guidance for insecure Dockerfile instructions.

Infrastructure as Code (IaC) security scanning using Checkov with 750+ built-in policies for Terraform, CloudFormation, Kubernetes, Dockerfile, and ARM templates. Use when: (1) Scanning IaC files for security misconfigurations and compliance violations, (2) Validating cloud infrastructure against CIS, PCI-DSS, HIPAA, and SOC2 benchmarks, (3) Detecting secrets and hardcoded credentials in IaC, (4) Implementing policy-as-code in CI/CD pipelines, (5) Generating compliance reports with remediation guidance for cloud security posture management.

Expert in tenant creditworthiness assessment and financial statement analysis. Use when evaluating tenant credit quality, analyzing financial ratios, assessing default risk, or structuring security requirements. Key terms include DSCR, current ratio, debt-to-equity, working capital, liquidity analysis, credit scoring, personal guarantee, security deposit, financial covenants

Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions. Use when: (1) Conducting authorized web server security assessments, (2) Identifying common web vulnerabilities and misconfigurations, (3) Detecting outdated server software and known vulnerabilities, (4) Performing compliance scans for web server hardening, (5) Enumerating web server information and enabled features, (6) Validating security controls and patch levels.

Engineering judgment, decision-making principles, and code quality standards. Use when making architectural choices, evaluating trade-offs, determining implementation approaches, assessing code quality, or balancing speed vs thoroughness. Provides foundational senior engineer mindset covering when to proceed vs ask, when to refactor, security awareness, and avoiding over-engineering.

Network protocol analyzer and packet capture tool for traffic analysis, security investigations, and forensic examination using Wireshark's command-line interface. Use when: (1) Analyzing network traffic for security incidents and malware detection, (2) Capturing and filtering packets for forensic analysis, (3) Extracting credentials and sensitive data from network captures, (4) Investigating network anomalies and attack patterns, (5) Validating encryption and security controls, (6) Performing protocol analysis for vulnerability research.

Автоматизация JWT аутентификации, Telegram OAuth и security middleware

Audits Helm charts for anti-patterns, security issues, and best practice violations. Use when asked to audit, review, or check Helm chart quality. Generates a comprehensive report under reports/YYYY-MM-DD/helm-charts-audit.md. (project)

Use when assessing or improving code quality, maintainability, performance, or security hygiene - provides workflows for analysis, code review, and systematic improvements with validation steps.

Comprehensive Ash framework guidelines for Elixir applications. Use when working with Ash resources, domains, actions, queries, changesets, policies, calculations, or aggregates. Covers code interfaces, error handling, validations, changes, relationships, and authorization. Read documentation before using Ash features - do not assume prior knowledge.

API Gateway patterns for routing, authentication, rate limiting, and service composition in microservices architectures. Use when implementing API gateways, building BFF layers, or managing service-to-service communication at scale.

Organize long or disorganized className attributes in React components into semantic groups using cn() or className

AshAuthentication guidelines for implementing authentication in Ash Framework. Use when adding password, magic link, API key, or OAuth2 authentication strategies. Covers token configuration, UserIdentity resources, confirmation add-ons, and customizing authentication actions. Never hardcode credentials.

Audits ArgoCD Application manifests and raw K8s resources for anti-patterns, security issues, and best practice violations. Use when asked to audit, review, or check ArgoCD/GitOps quality. Generates a comprehensive report under reports/YYYY-MM-DD/argocd-audit.md. (project)

This skill should be used when describing patterns or anti-patterns for detection by LLM agents across any domain (code analysis, business processes, security audits, UX design, data quality, medical diagnosis, etc.). Uses narrative storytelling structure ("The Promise" → "The Betrayal" → "The Consequences" → "The Source") to achieve 70% faster pattern identification compared to checklist or formal specification approaches. Triggers when creating pattern descriptions for any systematic analysis, detection tasks, or when delegating pattern-finding to sub-agents.

Secure coding practices and defensive programming patterns for building security-first applications. Use when implementing authentication, handling user input, managing sensitive data, or conducting secure code reviews.

Endpoint visibility, digital forensics, and incident response using Velociraptor Query Language (VQL) for evidence collection and threat hunting at scale. Use when: (1) Conducting forensic investigations across multiple endpoints, (2) Hunting for indicators of compromise or suspicious activities, (3) Collecting endpoint telemetry and artifacts for incident analysis, (4) Performing live response and evidence preservation, (5) Monitoring endpoints for security events, (6) Creating custom forensic artifacts for specific threat scenarios.

OpenShift-specific cluster health analysis and troubleshooting based on Popeye's issue detection patterns. Use this skill when: (1) Analyzing OpenShift cluster operators and platform health (2) Troubleshooting Security Context Constraints (SCC) violations (3) Diagnosing BuildConfig, ImageStream, and Route issues (4) Analyzing Projects, Quotas, and resource management (5) Validating OpenShift-specific security configurations (6) Monitoring OpenShift networking (Routes, Routers, OVNKubernetes) (7) OpenShift performance and reliability analysis (8) ARO/ROSA managed service troubleshooting (9) OpenShift CI/CD pipeline issues (Builds, Deployments) (10) Operator Lifecycle Manager and Operator issues

Provides REST and GraphQL API design patterns for Node.js, Flask, and FastAPI. Use when designing endpoints, request/response structures, API architecture, pagination, authentication, rate limiting, or when working in /api/ or /routes/ directories.