
Writing SAiST static analysis rules — both shipped rules in the auditor-addon repo and custom per-engagement rules in audit workspaces. Use when the user wants to create a new detection rule, add a security check, implement a code smell detector, turn a confirmed finding into a reusable rule, or extend the rule set. Covers rule types (shallow, deep, MapRule), the trait system, language scoping, finding kinds, custom rules, and testing patterns.
Running the SAiST (Static AI-assisted Security Testing) pipeline against a codebase. Use when the user wants to run static analysis rules, detect code smells, find vulnerability patterns, or scan code with the built-in rule engine. Covers the full init → resolve gaps → run rules flow.
Conducting interactive security audits using the Map & Probe methodology. Use when the user wants to perform a security review of source code, find vulnerabilities, audit a codebase, or analyze code for security issues.
Conducting project scoping and estimation using logical chunking and metric analysis. Use when the user wants to estimate audit effort, scope a codebase for review, calculate hours for a security engagement, or assess the size of a diff or full repository.
Technical writing for formal security audit reports. Use when the user wants to write up a security finding, create a formal issue report, or draft system overview and security model sections for an audit report.
Analyzing codebases to systematically identify and categorize potential security threats, producing a threat model report before code-level auditing. Use when starting an engagement and wanting to map the attack surface, identify high-value assets, and enumerate threat agents before diving into code-level analysis.
Evaluating high-level protocol or system designs for overcomplication, then proposing simpler, more structured alternatives with explicit trade-offs. Use when the user wants to challenge a system design, simplify an architecture, reduce protocol complexity, or compare design alternatives.