npx claudepluginhub drnabeelkhan/maxim --plugin mxm-pack-l3-4-govtechThis skill uses the workspace's default tool permissions.
> Office: CSO | Lead: security-analyst
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Office: CSO | Lead: security-analyst Sub-skills: 8 | Frameworks: OWASP Top 10, NIST CSF, Zero Trust, STRIDE, DREAD
The CSO auto-loop domain -- activates automatically on any task containing security, compliance, PII, or regulated industry signals. This skill provides security analysis, threat modeling, penetration testing, incident response, vulnerability scanning, and security architecture design. Unlike raw external security tools, Maxim applies behavioral science to security culture, proactively routes to the right specialist agent, and tags every output with confidence and risk signals.
| Task Signal | Routes To | SKILL.md Path |
|---|---|---|
| regulatory compliance, audit prep, policy enforcement | compliance-officer | compliance-officer/SKILL.md |
| ethical hacking, bug bounty, vulnerability exploitation | ethical-hacker | ethical-hacker/SKILL.md |
| incident management, containment, post-incident review | incident-responder | incident-responder/SKILL.md |
| penetration testing, offensive security, vulnerability testing | penetration-tester | penetration-tester/SKILL.md |
| secure system design, zero trust architecture, encryption design | security-architect | security-architect/SKILL.md |
| security audit, risk assessment, controls validation | security-auditor | security-auditor/SKILL.md |
| threat analysis, threat intelligence, attack pattern mapping | threat-analyst | threat-analyst/SKILL.md |
| vulnerability scan, CVE monitoring, dependency check | vulnerability-scanner | vulnerability-scanner/SKILL.md |
This domain activates when:
/mxm-security or /mxm-csoethics_required: true on penetration-tester and ai-ethics-reviewer -- engagement authorization required before offensive testing; AI outputs require ethics review before deploymentCopyright (c) 2026 iSystematic Inc. Maxim product. BSL 1.1.