Explorar skills

Build a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates.

Automate AWS secrets rotation for RDS, API keys, and credentials

You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform comprehensive compliance audits and provide implementation guidance for achieving and maintaining compliance.

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

Comprehensive AWS security posture assessment using AWS CLI and security best practices

Secure secrets management practices for CI/CD pipelines using Vault, AWS Secrets Manager, and other tools.

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks.

'Static Application Security Testing (SAST) for code vulnerability

Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks

IAM policy review, hardening, and least privilege implementation

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Text the user's phone when a long-running task, agent turn, or scheduled job finishes — via @sendblue/cli for outbound, optionally wired to a Claude Code Stop hook for automatic fire.