By cloudyrion
Comprehensive security assessment suite for Claude Code — code review, threat modeling, API security, compliance mapping, SBOM generation, and more. Includes quick-scan for developers and full audit suite for security professionals.
Review APIs for security vulnerabilities against the OWASP API Security Top 10 (2023). Accepts OpenAPI/Swagger specs, API code, or both. Analyzes authentication, authorization, data exposure, rate limiting, input validation, and business logic flaws. Generates a formal API Security Report with per-endpoint findings and remediation guidance. Use this skill whenever the user asks to review an API for security, audit an OpenAPI spec, check REST/GraphQL endpoints for vulnerabilities, assess API auth patterns, or validate API design against security best practices. Also trigger on: 'API security', 'OWASP API Top 10', 'OpenAPI review', 'Swagger audit', 'endpoint security', 'API pentest review', 'REST security', 'GraphQL security', 'is my API secure', or any request to find security issues in API definitions or implementations.
Review system architecture documents (HLD, LLD, design specs, diagrams) against security best practices, Secure by Design principles, and regulatory requirements. Identifies architectural anti-patterns, missing security controls, and design-level risks. Produces a formal Security Architecture Review Report with findings, framework traceability, and prescriptive recommendations. Use this skill whenever the user asks to review an architecture for security, assess a system design, evaluate a high-level or low-level design document, check if an architecture follows security best practices, or perform a Secure by Design review. Also trigger on: 'architecture review', 'design review', 'HLD review', 'LLD review', 'Secure by Design', 'security assessment of architecture', 'zero trust review', 'is this architecture secure', 'review my design', or any request to evaluate whether a system's structure and design decisions are secure — even informal phrasing like 'does this design look safe' or 'what security concerns do you see in this architecture'.
Design structured penetration test attack playbooks from architecture documents, code, threat models, or system descriptions. Produces an Attack Scenario Playbook with attack trees, step-by-step exploitation plans with tool commands, MITRE ATT&CK mapping, OWASP WSTG coverage, risk ratings, detection indicators, and mitigation recommendations. Use this skill when the user asks to create pentest scenarios, design attack playbooks, plan red team exercises, identify attack paths, build attack trees, or define penetration test cases. Also trigger on: 'pentest', 'attack scenario', 'attack playbook', 'red team', 'attack path', 'exploitation plan', 'penetration test', 'attack tree', 'offensive security assessment', or any request to systematically design attacks against a system.
Perform a full security code review with SAST scanning, taint analysis, CWE mapping, OWASP Top 10 coverage, and generation of a formal Security Code Review Report. Use this skill whenever the user asks to review code for security vulnerabilities, audit a codebase or file for security issues, prepare a security assessment before merging, run a SAST scan, check for injection flaws, hardcoded secrets, broken auth, or crypto weaknesses. Also trigger when the user mentions 'security review', 'vulnerability scan', 'code audit', 'pen test the code', 'OWASP check', 'CWE mapping', or wants to generate a security findings report — even if they don't use the exact phrase 'security code review'.
Map security controls, findings, or risk registers across regulatory frameworks to produce a compliance cross-reference matrix. Supports NIS2, DORA, EU CRA, ISO 27001:2022, SOC 2, GDPR, BSI IT-Grundschutz, NIST CSF 2.0, and OWASP ASVS. Identifies compliance gaps where framework requirements have no corresponding control. Use this skill whenever the user asks to map controls to frameworks, check compliance coverage, create a compliance matrix, perform a gap analysis against NIS2/DORA/CRA/ISO 27001, cross-reference security controls, or prepare for an audit. Also trigger on: 'compliance mapping', 'regulatory mapping', 'framework mapping', 'NIS2 compliance', 'DORA compliance', 'CRA compliance', 'ISO 27001 gap analysis', 'SOC 2 mapping', 'audit readiness', 'control mapping', 'compliance gap', or any request to assess how security controls align with regulatory requirements — even 'are we NIS2 compliant' or 'what do we need for DORA'.
Plugin permissions:

- Executes bash commands (a hook triggers when the Bash tool is used)
- Modifies files (a hook triggers on file write and edit operations)
Enterprise-grade security assessments, threat modeling, and compliance mapping — directly inside Claude Code.
A Claude Code plugin that turns Claude into a security engineer. Run full SAST code reviews, generate STRIDE threat models, map compliance gaps against NIS2/DORA/ISO 27001, produce audit-ready risk registers, and auto-patch vulnerabilities — all from your terminal.
Built for two audiences: developers (quick-scan) and security professionals (the full audit suite).
```text
# Add the CLOUDYRION marketplace
/plugin marketplace add cloudyrion/cloudyrion-security-marketplace

# Install the security plugin
/plugin install cloudyrion-security@cloudyrion-marketplace
```

That's it. All 12 skills are now available.
For developers:

| Command | What it does |
|---|---|
| /cloudyrion-security:quick-scan | OWASP Top 10 check + secret detection + dependency CVE scan. Under a minute. |
| /cloudyrion-security:code-review | Full SAST with taint analysis, CWE mapping, and a formal report |
| /cloudyrion-security:api-security | OWASP API Security Top 10 assessment against your endpoints |
| /cloudyrion-security:sbom | CycloneDX/SPDX Software Bill of Materials with vulnerability enrichment |
| /cloudyrion-security:iac-scanner | Security checks for Terraform, Kubernetes, Docker, CloudFormation, Helm |
| /cloudyrion-security:vibe-patch | Reads your code review report and generates minimal fix patches automatically |

For security professionals:

| Command | What it does |
|---|---|
| /cloudyrion-security:suite | Runs all applicable skills in dependency order and produces a unified dashboard |
| /cloudyrion-security:threat-model | STRIDE/PASTA threat modeling with data flow diagrams and MITRE ATT&CK mapping |
| /cloudyrion-security:architecture-review | Secure by Design review of architecture documents |
| /cloudyrion-security:compliance-mapper | Gap analysis across NIS2, DORA, EU CRA, ISO 27001, GDPR, SOC 2, NIST CSF |
| /cloudyrion-security:risk-register | Audit-ready Excel risk register with MITRE ATT&CK and framework traceability |
| /cloudyrion-security:attack-scenarios | Pentest attack playbooks with exploitation steps and detection indicators |
Run /cloudyrion-security:suite for a complete security assessment. It orchestrates all skills in dependency order:

- Phase 0: Quick Scan (optional) — fast triage
- Phase 1: Code Review, API, IaC, SBOM — independent scans
- Phase 2: Architecture + Threat Model — consumes Phase 1 findings
- Phase 3: Compliance + Risk Register — aggregates everything
- Phase 4: Vibe Patch (if findings exist) — auto-remediation
- Result: Unified Dashboard — a single report with cross-references
Three automated checks ship with the plugin (active by default):
| Trigger | What happens |
|---|---|
| You write or edit a file | Scans for hardcoded secrets (API keys, tokens, passwords) |
| You modify a dependency file | Reminds you to run an SBOM vulnerability check |
| You create a PR with gh | Reminds you to run a quick-scan before merging |
To disable a hook, remove its entry from hooks/hooks.json in the plugin directory.
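The table above says what the write/edit hook checks but not how such a hook is wired. The following is an added example, not the plugin's own hooks or code: a minimal PreToolUse hook that scans the content a Write or Edit call is about to put on disk and blocks the call if it looks like a hardcoded secret. It assumes the Claude Code hook contract as documented for plugins (hook command receives the tool call as JSON on stdin; exit status 2 blocks the call and returns stderr to the model; `${CLAUDE_PLUGIN_ROOT}` points at the plugin directory) and assumes the payload field names `tool_name`, `tool_input.file_path`, `tool_input.content` (Write) and `tool_input.new_string` (Edit). The script name `secret_scan.py`, the pattern list and the `# allowlist-secret` opt-out marker are illustrative choices, and the sample content in the test is constructed.

```python
"""
Added example (not part of the cloudyrion-security plugin): a PreToolUse
hook that blocks Write/Edit calls whose content contains secret-like strings.

Assumed wiring in hooks/hooks.json (the plugin's real file may differ):

{
  "hooks": {
    "PreToolUse": [
      {"matcher": "Write|Edit",
       "hooks": [{"type": "command",
                  "command": "python3 ${CLAUDE_PLUGIN_ROOT}/hooks/secret_scan.py"}]}
    ]
  }
}
"""
import json
import re
import sys

# High-signal patterns first (fixed token prefixes), one generic rule last.
# The generic "password = '...'" rule is the noisy one; tune it per repo.
SECRET_PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Slack token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
    "Private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "Password assignment": re.compile(
        r"(?i)(?:password|passwd|secret)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}

# Assumed per-line opt-out for fixtures and test vectors.
ALLOWLIST_MARKER = "# allowlist-secret"


def scan_text(text):
    """Return (line_number, rule_name, matched_text) for each secret-like hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, name, m.group(0)))
    return findings


def content_from_event(event):
    """Extract the text a Write/Edit call would put on disk (assumed field names)."""
    tool_input = event.get("tool_input", {})
    if event.get("tool_name") == "Edit":
        return tool_input.get("new_string", "")
    return tool_input.get("content", "")


def evaluate_event(event):
    """Return (exit_code, message): 0 allows the call, 2 blocks it."""
    findings = scan_text(content_from_event(event))
    if not findings:
        return 0, ""
    path = event.get("tool_input", {}).get("file_path", "<unknown>")
    lines = [f"Blocked write to {path}: possible hardcoded secrets"]
    for lineno, name, match in findings:
        # Redact the match so the secret itself never lands in the transcript.
        lines.append(f"  line {lineno}: {name} ({match[:4]}...{match[-2:]})")
    return 2, "\n".join(lines)


if __name__ == "__main__":
    code, msg = evaluate_event(json.load(sys.stdin))
    if msg:
        print(msg, file=sys.stderr)
    sys.exit(code)
```

Because the hook runs before the tool call rather than after it, the secret never reaches the working tree or a later git add; the redacted message tells the model which line to fix without echoing the value back. A hook like this is a tripwire, not a substitute for a full secret scanner over the repository history.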
Skill categories: Application Security | Threat Intelligence | Compliance & Governance | Infrastructure
Alternatively, install through the claudepluginhub CLI:

```text
npx claudepluginhub cloudyrion/cloudyrion-security-marketplace --plugin cloudyrion-security
```

Running /cloudyrion-security:suite on a Flask web application produced: