security-audit

> Approval-gated live-guard agent for Scaleway Kapsule cluster and node pool mutations. Enforces PDB audit, cluster health evidence, and a documented rollback plan before any control-plane or node pool change proceeds.

> Advisory agent for Scaleway VPC design, security groups, Private Networks, Load Balancer configuration, placement group HA strategy, and multi-zone resilience patterns.

Live-guard skill for Contabo Object Storage (S3-compatible) bucket operations including inventory audit, access policy review, retention policy enforcement, and deletion workflows. Hard-stops any bucket deletion requested without verified backup evidence and a documented…

Router skill for classifying Contabo tasks and delegating to the narrowest specialist for cost analysis, capacity planning, security hardening, VPS/VDS lifecycle operations, or Object Storage management. Use when the user asks a Contabo question that spans multiple domains or…

Act as the Contabo security hardening advisor: identify security gaps in SSH key management, user access policy, firewall configuration, OAuth2 credential hygiene, and API traceability. Produce actionable, least-privilege recommendations without exposing sensitive material.

Use this skill when reviewing how an ASP.NET Core application authenticates and authorizes requests — authentication schemes, JWT TokenValidationParameters, cookie and session security, policy-based authorization, authorization handlers, claims trust, role-versus-resource…

Classify incoming IONOS Cloud requests and route them to the narrowest applicable specialist agent. Covers DCD topology review, security and GDPR compliance, managed Kubernetes, cost optimization, and DBaaS lifecycle operations. Use this skill when the task domain is not yet…

Use this skill for Kubernetes Pod Security Admission (PSA) review covering namespace labels for the three profiles (privileged, baseline, restricted), enforce/audit/warn modes, version pinning, and the migration path from deprecated PodSecurityPolicy. Trigger when the user asks…

Use this skill when reviewing agentic-AI platforms built on the NVIDIA stack — NeMo Agent Toolkit, NIM-as-tool patterns, retrieval-augmented generation pipelines, tool-call safety, agent memory boundaries, and per-tenant audit logging. Trigger when the user asks whether agent…

Review OVHcloud IAM policies for overly permissive allow rules, missing deny blocks, unscoped URNs, absent condition blocks (IP CIDR, resource tag, expiration), and identity-group hygiene. Use when the user needs to audit access control, review `ovh_iam_policy` Terraform…

Review and advise on OVHcloud Managed Kubernetes (MCK) cluster lifecycle, node pool sizing, autoscaling configuration, version upgrade planning, workload placement via taints and tolerations, network policies, RBAC hardening, and cluster security posture. Use when the user needs…

Design and review OVHcloud network topology including vRack private network segmentation, VLAN configuration, Public Cloud private network attachment, dedicated server connectivity, load balancer placement, DNS zone design, security group rules, and blast-radius scoping for…

Review Scaleway IAM policies, API key governance, service account bindings, and organization/project-level permission sets for least-privilege posture. Use when the user asks to audit API key scopes, review IAM policy breadth, assess service account access, or tighten Scaleway…

Gate and execute Scaleway Kapsule live mutations — Kubernetes version upgrades, node pool creation/deletion/scaling, and cluster configuration changes — with mandatory PDB audit, cluster health verification, explicit approval, and a documented rollback plan. Use when a live…

Act as the Scaleway network design and security advisor: review and design VPC topology, Private Network attachment, security groups, Load Balancer configuration, placement groups, and multi-zone HA patterns.

> Adversarial HRIS controls reviewer for HRIS workflow controls, access > permissions, approval chains, audit logs, data-quality controls, separation > of duties, and system-change risk. Surfaces risks and escalation paths for > HR systems and security owners; does not give…

> Maestro agent for the HR domain. Classifies an incoming HR matter, routes it > to the right HR specialist agent(s), and coordinates cross-functional review > with Legal, Compliance, Privacy, Security, Finance, Payroll, and leadership. > Classification and coordination only —…

> Agent for `istio-ambient-mesh-review`. Review Istio ambient mesh configuration — ztunnel L4 vs waypoint L7 enforcement, AuthorizationPolicy scope, PeerAuthentication mTLS mode, RequestAuthentication JWKs, and gateway configuration for service mesh security posture.

> Agent for `kyverno-policy-review`. Review Kyverno ClusterPolicy and Policy resources for failureAction, background scanning, PolicyException audit, mutate/generate rules, and Kyverno-vs-native ValidatingAdmissionPolicy decision.

> Adversarial contract-risk reviewer for clauses, indemnity, limitation of liability, termination, renewal, warranties, assignment, confidentiality, audit rights, dispute resolution, governing law, and commercial risk. Surfaces risks and escalation paths for qualified counsel;…

> Adversarial policy-governance reviewer for corporate policies, approval matrices, delegated authority, records retention, document governance, compliance ownership, and board and audit escalation triggers. Surfaces risks and escalation paths for qualified counsel; does not…

> Adversarial vendor and procurement-risk reviewer for vendor contracts, third-party risk, audit rights, DPAs, SLAs, outsourcing, data sharing, and subcontractor obligations. Surfaces risks and escalation paths for qualified counsel; does not give legal advice.

> Agent for `influencer-disclosure-compliance-review`. Reviews influencer campaign audit packs — brief, contract, post descriptions, and disclosure placement specs — against FTC Endorsement Guides to identify undisclosed material connections, inadequate disclosure placement, and…

> Agent for `prometheus-alerting-cardinality-review`. Reviews Prometheus and AlertManager configuration for cardinality explosion, alert expression correctness, scrape security, routing safety, and retention adequacy.

> Agent for `kubernetes-manifest-quality-review`. Reviews raw Kubernetes YAML manifests for security, quality, and policy defects — deprecated APIs, missing securityContext fields, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and…