Security

Review code for language-specific security vulnerabilities with automated checks.

Generate repo-specific threat models identifying trust boundaries and attack surfaces.

Static analysis toolkit with CodeQL, Semgrep, and SARIF result processing for security auditing.

Find similar vulnerabilities across codebases via pattern-based analysis.

Create and refine custom Semgrep rules for automated vulnerability detection.

Smart contract security toolkit with vulnerability scanners for 6 blockchains.

Security-focused diff review with git history analysis for code changes.

Property-based testing for multiple languages and smart contracts.

Security skill suite with drift detection, automated audits, and skill integrity verification.

Manage secrets, keys, and certificates on Azure Key Vault: access policies vs RBAC, soft-delete, HSM-backed keys, and rotation. Requires the mcp_microsoftdocs MCP for live docs.

Comprehensive website security audit covering vulnerabilities and misconfigurations.

Secure environment variable management — secrets never appear in sessions, logs, or git.