Security

Secure environment variable management with Varlock. Use when handling secrets, API keys, credentials, or any sensitive configuration. Ensures secrets are never exposed in terminals, logs, traces, or Claude's context. Trigger phrases include "environment variables", "secrets", ".env", "API key", "credentials", "sensitive", "Varlock".

Security scanner for Claude Code skills. Use when users want to scan a skill before installing, check an installed skill's security, or analyze any skill from a GitHub URL, local path, or installed location. Triggers on "scan this skill", "check skill security", "is this skill safe", or when users provide a skill URL/path asking about its safety.

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security gates for apps handling PII/PHI/financial data.