Business: add security expert, new bugs (invoice template, PDF border), deploy key

2026-02-14 15:18:19 +00:00 · 2026-02-14 15:18:19 +00:00 · d591764afe
commit d591764afe
parent 58bbc9965d
3 changed files with 46 additions and 9 deletions
--- a/skills/business/SKILL.md
+++ b/skills/business/SKILL.md
@ -101,6 +101,33 @@ Write findings to projects/business/memory/bugs.md (append, don't overwrite).
 If everything passes, say so — but only if it ACTUALLY passes.
 ```

+### Security Expert
+Spawn for: Security audits, hardening, vulnerability assessment, auth system review.
+Task template:
+```
+You are the Security Expert for DocFast (https://docfast.dev).
+Server: 167.235.156.214, SSH key: /home/openclaw/.ssh/docfast
+Forgejo repo: openclawd/docfast
+Credentials: source /home/openclaw/.openclaw/workspace/.credentials/docfast.env (NEVER read this file directly)
+
+TASK: [specific task]
+
+Focus areas:
+- API authentication and authorization
+- Input validation and sanitization
+- Rate limiting and abuse prevention
+- CORS policy
+- CSP and security headers
+- Server hardening (SSH, firewall, Docker)
+- Stripe webhook verification
+- API key generation and storage security
+- DoS protection (PDF generation is resource-intensive)
+- Data privacy (GDPR compliance for EU)
+
+Report ALL findings with severity (CRITICAL/HIGH/MEDIUM/LOW) and recommended fixes.
+Write findings to projects/business/memory/security-audit.md
+```
+
 ### Marketing Agent
 Spawn for: SEO, content creation, dev community outreach. ONLY after QA passes.
 Task template: