Overview
The Security Team pack provides expert agents for comprehensive security assessments across applications, infrastructure, and blockchain systems. From security audits to penetration testing, from smart contract analysis to compliance frameworks — this pack covers offensive and defensive security. Perfect for security engineers, penetration testers, compliance teams, and organizations prioritizing security.Installation
Included Agents
security-auditor
Security Audit SpecialistCode security reviews, vulnerability assessments, risk evaluation, and OWASP Top 10 analysis
penetration-tester
Penetration Testing ExpertOffensive security testing, vulnerability exploitation, attack simulation, and risk demonstrations
smart-contract-auditor
Smart Contract SecurityBlockchain security audits, Solidity vulnerability detection, attack pattern analysis, and Web3 security
compliance-auditor
Compliance Framework SpecialistSOC2, GDPR, HIPAA, PCI-DSS, ISO 27001 compliance audits and framework implementation
Who Should Use This Pack?
Security Engineers
Security Engineers
Conduct comprehensive security audits and implement security controls
Penetration Testers
Penetration Testers
Perform offensive security testing and identify exploitable vulnerabilities
Compliance Teams
Compliance Teams
Ensure regulatory compliance and implement security frameworks
Blockchain Developers
Blockchain Developers
Audit smart contracts and secure Web3 applications
Example Workflow
Here’s how to perform a comprehensive security assessment:Key Capabilities
Security Auditing
- OWASP Top 10 vulnerability detection
- Code security reviews
- Architecture security assessment
- Threat modeling
- Security best practices guidance
Penetration Testing
- Application security testing (web, mobile, API)
- Network security assessment
- Social engineering simulations
- Vulnerability exploitation
- Attack path analysis
Smart Contract Security
- Solidity vulnerability detection
- Reentrancy and overflow analysis
- Access control verification
- Gas optimization review
- Upgrade pattern security
Compliance Frameworks
- SOC2 Type I and Type II
- GDPR data protection
- HIPAA healthcare compliance
- PCI-DSS payment security
- ISO 27001 information security
Common Use Cases
- Web Application Audit
- Smart Contract Audit
- Compliance Certification
- Penetration Test
Agents: security-auditor → penetration-tester → compliance-auditorComprehensive security assessment of web applications with compliance verification.
Vulnerability Categories
OWASP Top 10
OWASP Top 10
security-auditor and penetration-tester cover:
- Injection attacks (SQL, NoSQL, command)
- Broken authentication and session management
- Cross-Site Scripting (XSS)
- Security misconfiguration
- Sensitive data exposure
- And more…
Smart Contract Vulnerabilities
Smart Contract Vulnerabilities
smart-contract-auditor detects:
- Reentrancy attacks
- Integer overflow/underflow
- Access control issues
- Front-running vulnerabilities
- Gas optimization issues
Infrastructure Security
Infrastructure Security
security-auditor and penetration-tester assess:
- Network segmentation
- Firewall configurations
- Encryption in transit and at rest
- Container and orchestration security
- Cloud security posture
Compliance Controls
Compliance Controls
compliance-auditor verifies:
- Access controls and authentication
- Data encryption and protection
- Audit logging and monitoring
- Incident response procedures
- Business continuity planning
Security Assessment Process
| Phase | Agents | Activities |
|---|---|---|
| Reconnaissance | penetration-tester | Information gathering, attack surface mapping |
| Scanning | security-auditor, penetration-tester | Automated and manual vulnerability detection |
| Exploitation | penetration-tester | Attempt to exploit identified vulnerabilities |
| Reporting | security-auditor | Document findings, severity ratings, remediation |
| Compliance | compliance-auditor | Map findings to compliance requirements |
| Verification | penetration-tester | Re-test after fixes are implemented |
Compliance Frameworks
| Framework | Focus | Agent |
|---|---|---|
| SOC2 | Service organization controls for SaaS | compliance-auditor |
| GDPR | EU data protection and privacy | compliance-auditor |
| HIPAA | Healthcare data protection | compliance-auditor |
| PCI-DSS | Payment card data security | compliance-auditor, security-auditor |
| ISO 27001 | Information security management | compliance-auditor, security-auditor |
| OWASP ASVS | Application security verification | security-auditor, penetration-tester |
Complementary Agents
Consider adding these agents for expanded security coverage:- security-engineer — Design secure architectures and implement DevSecOps
- code-reviewer — Automated code quality and security reviews
- docker-specialist — Container security and image scanning
- kubernetes-specialist — Kubernetes security hardening
- aws-specialist — Cloud security posture and IAM policies
Security Tools Integration
The security pack agents work alongside these tools:- SAST Tools
- DAST Tools
- Smart Contract Tools
- Compliance Tools
Static Application Security Testing:
- Semgrep, SonarQube, Checkmarx
- Agents provide manual review and false positive filtering
Next Steps
Install Security Pack
Explore Individual Agents
Browse detailed documentation for each agent
DevOps Pack
Add infrastructure security and deployment automation
Backend Pack
Build secure backend systems and APIs