Azure compliance scanning, Key Vault expiration auditing, and resource configuration validation. Runs azqr (Azure Quick Review) for comprehensive compliance assessment against best practices across subscriptions and resource groups. Monitors Key Vault keys, secrets, and certificates for expiration dates and identifies items without expiration policies. Detects orphaned, misconfigured, and non-compliant resources using Resource Graph queries. Classifies findings by priority (Critical, High, Medium, Low) with remediation guidance for each issue.
Provision Microsoft Entra Agent Identity Blueprints, BlueprintPrincipals, and per-instance Agent Identities via Microsoft Graph, and configure OAuth 2.0 token…
Codebase auditor identifying Apple App Store rejection risks and compliance gaps. Systematically reviews Info.plist, entitlements, privacy manifests, permissions, IAP flows, account handling, and content moderation against App Store Review Guidelines. Produces a prioritized risk register with severity levels, evidence citations, and concrete remediation steps. Includes a reviewer experience checklist and draft App Review Notes to streamline submission and reduce re-review cycles. Focuses on rejection prevention first, then optimization opportunities for faster approval.
Comprehensive safety analysis and improvement framework for AI prompts with detailed assessment methodologies. Evaluates prompts across eight dimensions: safety, bias detection, security, effectiveness, best practices compliance, pattern analysis, technical robustness, and performance optimization. Provides structured analysis reports with risk scoring, critical issue identification, and strength assessment across all evaluation criteria. Delivers improved prompt versions with specific enhancements, safety measures, bias mitigation strategies, and security hardening recommendations. Includes comprehensive testing frameworks covering standard test cases, edge cases, safety testing, and bias validation with expected outcomes. Offers educational insights explaining the prompt engineering principles applied, common pitfalls avoided, and responsible AI best practices from industry leaders.
Declarative policies, intent classification, and audit trails for controlling AI agent tool access and behavior. Composable governance policies define allowed/blocked tools, content filters, rate limits, and approval requirements, stored as configuration, not code. Semantic intent classification detects dangerous prompts (data exfiltration, privilege escalation, prompt injection) before tool execution using pattern-based signals. A tool-level governance decorator enforces policies at function call time with rate limiting, content checking, and audit logging. Trust scoring with temporal decay tracks agent reliability in multi-agent systems, gating sensitive operations based on historical success rates. Append-only audit trails capture all governance events (allowed, denied, errors) for compliance and security review. Works with any agent framework: PydanticAI, CrewAI, OpenAI Agents, LangChain, AutoGen.
Know Your Agent (KYA). Billions decentralized identity for agents. Link agents to human identities using Billions ERC-8004 and Attestation Registries. Verify…
Define patterns and messages that trigger Claude warnings or blocks on specific agent actions. Supports four event types (bash commands, file edits, agent stop, user prompts) plus an "all" catch-all, each with regex or multi-condition matching. Rules use markdown files with YAML frontmatter stored in .claude/hookify.{name}.local.md; changes take effect immediately on the next tool use. Two matching modes: a simple pattern field for single-condition rules, or an advanced conditions array for multi-field logic with operators like regex_match, contains, equals, and starts_with. Actions default to warn (show message, allow operation) or can be set to block (prevent operation or stop session). Includes a regex pattern guide with common metacharacters, escaping rules, and examples for detecting dangerous commands, debug code, security risks, and sensitive files.
Systematic security code review identifying high-confidence vulnerabilities with data-flow verification. Focuses exclusively on HIGH CONFIDENCE findings: vulnerable patterns with confirmed attacker-controlled input, skipping theoretical issues and framework-mitigated code. Requires codebase research before reporting: traces data flow, checks for validation/sanitization, and verifies exploitability rather than pattern-matching alone. Covers 14 vulnerability categories (injection, XSS, authorization, cryptography, deserialization, SSRF, and more) with language-specific guides for Python, JavaScript, Go, Rust, and Java. Distinguishes server-controlled values (settings, env vars, hardcoded constants) from attacker-controlled input to eliminate false positives. Reports findings with severity classification (Critical/High/Medium/Low), location, impact, evidence, and remediation guidance.
Provides expert guidance on authenticating and authorizing to Google Cloud services and APIs, covering human users, service identities, Application Default…
Detects fail-open security vulnerabilities where applications run insecurely with missing or weak default configuration. Identifies hardcoded secrets, weak authentication defaults, permissive access controls, and weak cryptography that allow apps to start and operate without proper configuration. Distinguishes between fail-open vulnerabilities (app runs insecurely with defaults) and fail-secure patterns (app crashes if config is missing). Focuses on production-reachable code; automatically excludes test fixtures, example files, documentation, and development-only configurations. Includes a verification workflow to trace code paths, confirm runtime behavior, and assess production impact before reporting findings.
Smart contract security review through Trail of Bits' 5-step workflow with automated scanning, visual analysis, and property documentation. Runs Slither with 70+ detectors to identify known vulnerabilities, then checks for special features like upgradeability risks, ERC conformance, and token integration patterns. Generates three security diagrams (inheritance graph, function visibility, state variable authorization) to reveal architectural vulnerabilities that text descriptions miss. Guides documentation of critical security properties (state machines, access control, arithmetic constraints) and sets up property-based fuzzing with Echidna or formal verification with Manticore. Analyzes manual review areas automated tools miss: privacy leaks, front-running risks, cryptography weaknesses, and DeFi interaction hazards, with codebase pattern matching.
Generates security-focused guidance for Google Cloud workloads based on the design principles and recommendations in the Google Cloud Well-Architected…
Identifies high-risk dependencies vulnerable to exploitation or takeover through systematic supply chain analysis. Evaluates all project dependencies against six risk criteria: single maintainers, unmaintained status, low popularity, high-risk features (FFI, deserialization), past CVEs, and missing security contacts. Uses the gh CLI tool to query accurate GitHub metrics (stars, open issues, maintainer info) for each dependency. Generates a structured markdown report with flagged high-risk dependencies, suggested alternatives, risk factor counts, and actionable recommendations. Designed for pre-audit scoping and supply chain attack surface assessment, not active vulnerability scanning.
Systematically verify suspected security bugs and classify them as true or false positives with documented evidence. Guides you through structured claim analysis, data flow tracing, and gate reviews to eliminate false positives before reporting. Supports two verification routes: standard (single-pass checklist for straightforward bugs) and deep (full task orchestration for complex, cross-component, or concurrent bugs). Includes built-in escalation checkpoints, bug-class-specific verification requirements, and a 13-item false positive pattern checklist to catch common misclassifications. Produces final verdicts with counts, vulnerability descriptions, and rejection reasons for each bug analyzed.
Static security analysis for GitHub Actions workflows invoking AI coding agents. Detects nine attack vectors where attacker-controlled input reaches AI agents in CI/CD pipelines, including env var intermediaries, direct expression injection, CLI data fetches, dangerous sandbox configs, and wildcard user allowlists. Scans .github/workflows/ for Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference steps; resolves one level of composite actions and reusable workflows. Captures security context from step configuration (with: blocks), workflow triggers, environment variables, and permissions to trace data flow from GitHub event context to AI prompts. Produces structured findings reports with severity judgment, YAML evidence, annotated data flow traces, and action-specific remediation guidance.