
from gstack (Korean docs)43
Manual Chief Security Officer auditing skill that runs an infrastructure-first security review: secrets archaeology, supply-chain checks, CI/CD analysis, LLM se
Provides a comprehensive, infrastructure-first security audit workflow designed as a Chief Security Officer persona. It guides the agent through stack detection, secrets archaeology, dependency and CI/CD analysis, webhook and integration checks, LLM/AI-specific security, skill supply-chain scanning, OWASP Top 10 validation, STRIDE threat modeling, and active verification filters. Produces a structured findings report with exploit scenarios and remediation recommendations.
Invoke manually with /cso for daily zero-noise audits or /cso --comprehensive for deeper monthly scans. Use when you need a first-pass security posture review, trend tracking across audits, or to triage high-risk CI/dependency issues. Not intended to run automatically — manual trigger only.
Designed for Claude Code environments and gstack-enabled Claude agent setups; expects Bash, Grep, Read, Write, WebSearch and Agent tool access.
This skill has not been reviewed by our automated audit pipeline yet.