5 specialized agents covering offensive security, compliance, threat modeling, and blockchain security.

Agents

Security Auditor

Security audits, compliance assessments, and risk evaluations
  • Mode: subagent
  • Quality: 4.25/5 (Good)
  • Tags: security-audit, compliance, risk, vulnerabilities, assessment
npx github:dmicheneau/opencode-template-agent install security-auditor

Penetration Tester

Offensive security testing, vulnerability exploitation, and risk demos
  • Mode: subagent
  • Quality: 4.62/5 (Excellent)
  • Tags: penetration-testing, security, exploitation, vulnerabilities, offensive
npx github:dmicheneau/opencode-template-agent install penetration-tester

Security Engineer

Threat modeling, secure SDLC, vulnerability management, and security architecture
  • Mode: subagent
  • Quality: 4.25/5 (Good)
  • Tags: security, threat-modeling, sdlc, vulnerability-management, devsecops
npx github:dmicheneau/opencode-template-agent install security-engineer

Compliance Auditor

Compliance framework specialist for SOC2, GDPR, HIPAA, PCI-DSS, and ISO 27001
  • Mode: subagent
  • Quality: 4.75/5 (Excellent)
  • Tags: compliance, soc2, gdpr, hipaa, pci-dss, iso-27001, audit
npx github:dmicheneau/opencode-template-agent install compliance-auditor

Smart Contract Auditor

Smart contract security audits, vulnerability detection, and attack analysis
  • Mode: subagent
  • Quality: 4.75/5 (Excellent)
  • Tags: smart-contracts, blockchain, solidity, security, web3, audit
npx github:dmicheneau/opencode-template-agent install smart-contract-auditor

Usage Examples

@security/security-auditor Audit this authentication system

Quality Stats

  • Average score: 4.52/5
  • 3 Excellent, 2 Good ratings
  • Total tokens: ~8,600 (avg ~1,720 per agent)
  • Coverage: Offensive + defensive + compliance + blockchain

Common Workflows

Comprehensive security coverage:
npx github:dmicheneau/opencode-template-agent install --pack security
Includes: security-auditor, penetration-tester, smart-contract-auditor, compliance-auditor

Security + DevOps + testing:
npx github:dmicheneau/opencode-template-agent install --pack ship-it-safely
Includes: ci-cd-engineer, docker-specialist, kubernetes-specialist, sre-engineer, security-engineer, qa-expert

  1. Security Engineer — Threat modeling and architecture review
  2. Security Auditor — Code and configuration audit
  3. Penetration Tester — Offensive testing
  4. Compliance Auditor — Compliance validation (if needed)

  1. Smart Contract Auditor — Full contract audit
  2. Security Engineer — Threat modeling for contract interactions
  3. Penetration Tester — Exploit scenario testing

When to Use

  • Conducting security assessments
  • Reviewing code for vulnerabilities
  • Evaluating security posture
  • Preparing for security certifications
  • Testing application security
  • Finding exploitable vulnerabilities
  • Validating security controls
  • Demonstrating risk to stakeholders
  • Designing secure systems
  • Implementing threat modeling
  • Building security into SDLC
  • Vulnerability management
  • Preparing for SOC2, GDPR, HIPAA, PCI-DSS, ISO 27001
  • Conducting compliance gap analysis
  • Implementing compliance controls
  • Maintaining certification readiness
  • Auditing Solidity contracts
  • Reviewing DeFi protocols
  • Detecting reentrancy, overflow, access control issues
  • Pre-deployment security validation

Security Best Practices

All security agents follow responsible disclosure practices. Use offensive security tools (like penetration testing) only on systems you own or have explicit permission to test.

Defense in Depth

Use multiple agents for comprehensive coverage:
  • Security Engineer for architecture
  • Security Auditor for code review
  • Penetration Tester for validation

Shift Left Security

Integrate security early:
  • Security Engineer during design
  • Code Reviewer in PRs (with security focus)
  • Security Auditor before deployment
