proagent-security

Apply production security hardening for autonomous agent deployments (reference: `casdk-harness/src/harness/security.py`, `casdk-harness/docs/HARDENING.md`).

Scan the repository for accidentally committed secrets and credentials.

Run a structured security audit using formula-based workflows (reference: `gastown/.beads/formulas/security-audit.formula.toml`).

Assess the project against a specified compliance framework.

Set up encryption for data protection.

Assess the access control implementation:

Review autonomous agent security posture (reference: `casdk-harness/src/harness/security.py`, `casdk-harness/docs/HARDENING.md`):

- Secrets hardcoded in pipeline configuration

Check for these vulnerability patterns:

- Running as root (missing `USER` directive in Dockerfile)

Check for these issues:

Check for XSS and CSRF vulnerabilities (reference: `agents/plugins/frontend-mobile-security/commands/xss-scan.md`, `agents/plugins/frontend-mobile-security/agents/frontend-security-coder.md`):

- Overly permissive security groups or firewall rules (0.0.0.0/0 ingress)

For Solidity smart contracts (reference: `agents/plugins/blockchain-web3/skills/solidity-security/SKILL.md`):

Analyze code changes and classify risk level (reference: `Auto-Claude/apps/backend/analysis/risk_classifier.py`, `Auto-Claude/apps/backend/analysis/security_scanner.py`).

Execute a multi-layer vulnerability scan on the codebase.

Create a structured threat model for the application.

Scan frontend code for cross-site scripting vulnerabilities (reference: `agents/plugins/frontend-mobile-security/commands/xss-scan.md`).

Overview of all security capabilities: vulnerability scanning, compliance enforcement, secrets management, encryption, threat modeling, OWASP Top 10, and Zero Trust architecture.

Review security posture: code security, dependency vulnerabilities, access controls, container security, CI/CD pipeline security, and infrastructure configuration.

Execute security operations: scan-vulnerabilities, audit-secrets, threat-model, compliance-check, encrypt-setup, xss-scan, risk-classify, agent-harden, or audit-workflow.

Expert security auditor specializing in DevSecOps, OWASP compliance, threat modeling (STRIDE, PASTA), Zero Trust architecture, vulnerability assessment (SAST/DAST/SCA/XSS/VirusTotal), compliance frameworks (GDPR, HIPAA, SOC2, PCI-DSS, ISO 27001), secrets management, encryption, secure coding practices, incident response, agent sandboxing, risk classification, frontend security, and Solidity smart contract auditing. Use PROACTIVELY for security audits, vulnerability scanning, compliance checks, threat modeling, or any security-related task.

Securing Software & Infrastructure - vulnerability scanning (SAST, DAST, XSS, VirusTotal), compliance enforcement (PCI, GDPR, SOC2, HIPAA), secrets management, encryption, audit logging, threat modeling, OWASP Top 10 protection, Zero Trust architecture, agent sandboxing, risk classification, frontend security, and smart contract security. Use when performing any security assessment, hardening, compliance, or threat analysis task.

5 hooks across 2 events

GitHub MCP server for repository security management, code scanning alerts, secret scanning alerts, Dependabot alerts, branch protection rules, and pull request security reviews.

GitLab MCP server for project security management, vulnerability reports, SAST/DAST pipeline results, dependency scanning, and merge request security approvals.