Security Review Pack

Cloud security and compliance covering IAM policies, network segmentation, secrets management, encryption, container security, logging, and audit across AWS, GCP, and Azure.

Application security hardening covering OWASP ASVS, secure coding patterns, DevSecOps pipelines, dependency scanning, secrets management, and security headers.

GDPR, CCPA/CPRA, and HIPAA compliance implementation covering lawful processing, consent management, privacy impact assessments, data subject rights, and breach notification protocols.

When a new partnership or vendor contract is about to take effect, the agent compiles a kickoff packet covering the status of legal review, the obligations the organization just committed to, key dates, named owners, and risk flags. Delivered to the deal owner before the contract effective date so nothing slips on day one.

NEAR Protocol JSON-RPC integration. 27 actions covering account state, access keys, contract storage and code, view function calls, blocks, chunks, validators, transaction lifecycle, gas and protocol config, state changes, network status, and light-client proofs. No credentials required for read actions.

No description.

Output evaluation, hallucination detection, bias assessment, red-teaming, guardrails, content filtering, and EU AI Act compliance for AI systems.

Open source license evaluation, compatibility analysis, SBOM generation, CLA/DCO workflows, and compliance auditing across permissive and copyleft licenses.

WCAG 2.2 compliance guide covering POUR principles, semantic HTML, keyboard navigation, ARIA patterns, contrast ratios, and screen reader testing.

Threat modeling and security architecture using STRIDE, DREAD, attack trees, data flow diagrams, trust boundaries, and risk-driven control selection.

Smart contract security auditing covering vulnerability taxonomy, static analysis, invariant testing, formal verification, exploit pattern analysis, and remediation for EVM and NEAR.

Authorized penetration testing methodology covering reconnaissance, enumeration, exploitation, privilege escalation, and reporting with OWASP Top 10 focus.

Runs a weekly data-quality and hygiene check on the BLOG on-chain bookkeeping ledger. Reads the ledger account's recent transactions, flags missing references, anomalies, and gaps, and writes a findings report to Notion for finance review.

Watches community channels for engagement signals (members asking questions repeatedly, members offering help in their domain, members at risk of churning) and produces a daily digest for community leads with suggested actions covering who needs a personal follow-up, who to introduce to whom, and where attention is most needed. All actions go through the community lead, never auto-DM.

Verifies a new crypto wallet on-chain before it is added as a payee, then prepares a small test payment for the user's own wallet to sign. The agent never holds or signs keys; it verifies the address, hands the unsigned test payment to the user's wallet, and confirms the result on-chain.

Stores the user's DeFi positions in memory and sends a daily Telegram report: it pulls live TVL for each of their protocols from DefiLlama, rates each position's risk from the 24h and 7d TVL change (a 7-day drop over 20% reads as HIGH RISK), and scans DefiLlama's yield database for the best current stablecoin yields above 5% APY. One report covers position risk, a one-line read per protocol, and where better yield is available right now.

No description.

Scans expense submissions for missing or non-compliant receipts, sends automated follow-up requests to submitters, and triages exceptions into a Notion register for finance review.