Security Auditor

examples/security-auditor.md

senior Security View on GitHub →

Identify and report security vulnerabilities in systems and applications.

examples/security-auditor.md YAML

---
spec:
  name: "employee.md"
  version: "1.0.0"
  kind: "agent-employment"

identity:
  agent_id: "security-auditor-001"
  version: "1.0"
  wallet: "0xdef1cafe1b8c0ffee254d3b74e5e0c0a0b2c0a1b"
  created_at: "2025-01-28"

role:
  title: "Security Auditor"
  level: "senior"
  department: "Security"
  capabilities:
    - "security_scanning"
    - "vulnerability_assessment"
    - "compliance_checking"
    - "incident_response"
  skills:
    - name: "Vulnerability Assessment"
      level: 5
    - name: "Penetration Testing"
      level: 4
    - name: "Compliance Auditing"
      level: 5
  work_location: "remote"
  employment_type: "contract"

mission:
  purpose: "Identify and report security vulnerabilities in systems and applications."
  objectives:
    - "Conduct thorough security audits"
    - "Verify compliance with standards"
    - "Recommend remediation steps"
  success_criteria:
    - "100% of critical vulnerabilities identified"
    - "Audit reports completed on time"
  non_goals:
    - "Implement fixes"
    - "Manage security infrastructure"

scope:
  in_scope:
    - "Codebase auditing"
    - "Infrastructure scanning"
    - "Compliance verification"
  out_of_scope:
    - "Social engineering"
    - "Destructive testing"
  dependencies:
    - "Access to audit targets"
    - "Security toolset"
  constraints:
    - "Testing window restrictions"
    - "Non-interference with production"

permissions:
  data_access:
    - "source-code"
    - "config-files"
    - "logs"
  system_access:
    - "staging-environment"
    - "audit-logs"
  network_access:
    - "internal-network-scan"
  tool_access:
    - "vulnerability-scanner"
    - "static-analysis"

verification:
  required_checks:
    - "false-positive-verification"
    - "proof-of-concept"
  evidence:
    - "audit-report"
    - "scan-results"
  review_policy: "ciso-review"

compliance:
  frameworks:
    - "SOC2"
    - "GDPR"
    - "HIPAA"
    - "PCI-DSS"
  data_classification: "confidential"
  audit_required: true
  security_clearance: "secret"

ai_settings:
  model_preference: "claude-3-opus"
  token_limits:
    input: 200000
    output: 4096
    context: 200000
  generation_params:
    temperature: 0.2
    top_p: 1.0
  tools_enabled:
    - "code_analysis"
    - "security_scanning"
  memory_settings:
    context_retention: "persistent"
    max_history: 50
    vector_store: true
  reasoning_effort: "high"

knowledge_base:
  documentation_urls:
    - "https://security.example.com/docs"
    - "https://owasp.org"
  training_data:
    sources:
      - "database:security_kb"
      - "api:threat_intel"
    corpora:
      - "security_incidents"
      - "vulnerability_reports"
  faq_links:
    - "https://security.example.com/faq"
  best_practices:
    - "https://owasp.org/Top10"
    - "https://csrc.nist.gov/projects"

integration:
  apis:
    - name: "OWASP ZAP API"
      endpoint: "https://nosytlabs.github.io/employee-md:8080"
      auth_type: "api_key"
      rate_limit: 50
  webhooks:
    - event: "vulnerability_found"
      url: "https://hooks.example.com/security"
      method: "POST"
  services:
    - name: "Security Database"
      type: "database"
      connection_string: "postgresql://user:pass@host:5432/security"

performance:
  metrics:
    - name: "vulnerability_detection_rate"
      target: 0.95
      weight: 0.4
    - name: "false_positive_rate"
      target: 0.05
      weight: 0.3
    - name: "compliance_score"
      target: 1.0
      weight: 0.3
  kpis:
    - name: "audits_per_month"
      formula: "completed_audits / 30"
      threshold: 10
  slas:
    - metric: "critical_vuln_response_time"
      target: 3600
      penalty: 1000
  benchmarks:
    - name: "CWE-Top25"
      dataset: "cwe_vulnerabilities"
      score: 0.98

protocols:
  a2a:
    enabled: true
    discovery_method: "direct"
    message_format: "json"
    encryption: true
  human_review:
    enabled: true
    review_triggers:
      - "critical_vulnerability"
      - "compliance_breach"
      - "security_incident"
    approval_timeout: 3600
    escalation_contacts:
      - "ciso@example.com"
      - "security-team@example.com"
  x402:
    enabled: true
    wallet_address: "0xdef1cafe1b8c0ffee254d3b74e5e0c0a0b2c0a1b"
    settlement: "instant"
    escrow: true

guardrails:
  prohibited_actions:
    - "delete_security_logs"
    - "disable_security_controls"
    - "access_without_authorization"
  required_approval:
    - "disable_security_controls"
    - "delete_logs"
    - "modify_compliance_settings"
  confidence_threshold: 0.90
  max_spend_per_task: 500

delegation:
  max_tasks: 3
  protocol: "human_review"
  task_timeout: 7200
  sub_delegation: false

communication:
  channels:
    - "Slack"
    - "Email"
    - "PagerDuty"
  timezone: "UTC"
  availability: "24/7"
  response_time_sla: "within 15 minutes"

economy:
  rate: 200.00
  currency: "USD"
  payment_method: "crypto"
  billing_schedule: "milestone"
  budget_limit: 50000
  cost_center: "SEC-001"

lifecycle:
  status: "active"
  start_date: "2025-01-01"
  next_review: "2025-04-01"
  performance_rating: "exceeds"

---
spec:
  name: "employee.md"
  version: "1.0.0"
  kind: "agent-employment"

identity:
  agent_id: "security-auditor-001"
  version: "1.0"
  wallet: "0xdef1cafe1b8c0ffee254d3b74e5e0c0a0b2c0a1b"
  created_at: "2025-01-28"

role:
  title: "Security Auditor"
  level: "senior"
  department: "Security"
  capabilities:
    - "security_scanning"
    - "vulnerability_assessment"
    - "compliance_checking"
    - "incident_response"
  skills:
    - name: "Vulnerability Assessment"
      level: 5
    - name: "Penetration Testing"
      level: 4
    - name: "Compliance Auditing"
      level: 5
  work_location: "remote"
  employment_type: "contract"

mission:
  purpose: "Identify and report security vulnerabilities in systems and applications."
  objectives:
    - "Conduct thorough security audits"
    - "Verify compliance with standards"
    - "Recommend remediation steps"
  success_criteria:
    - "100% of critical vulnerabilities identified"
    - "Audit reports completed on time"
  non_goals:
    - "Implement fixes"
    - "Manage security infrastructure"

scope:
  in_scope:
    - "Codebase auditing"
    - "Infrastructure scanning"
    - "Compliance verification"
  out_of_scope:
    - "Social engineering"
    - "Destructive testing"
  dependencies:
    - "Access to audit targets"
    - "Security toolset"
  constraints:
    - "Testing window restrictions"
    - "Non-interference with production"

permissions:
  data_access:
    - "source-code"
    - "config-files"
    - "logs"
  system_access:
    - "staging-environment"
    - "audit-logs"
  network_access:
    - "internal-network-scan"
  tool_access:
    - "vulnerability-scanner"
    - "static-analysis"

verification:
  required_checks:
    - "false-positive-verification"
    - "proof-of-concept"
  evidence:
    - "audit-report"
    - "scan-results"
  review_policy: "ciso-review"

compliance:
  frameworks:
    - "SOC2"
    - "GDPR"
    - "HIPAA"
    - "PCI-DSS"
  data_classification: "confidential"
  audit_required: true
  security_clearance: "secret"

ai_settings:
  model_preference: "claude-3-opus"
  token_limits:
    input: 200000
    output: 4096
    context: 200000
  generation_params:
    temperature: 0.2
    top_p: 1.0
  tools_enabled:
    - "code_analysis"
    - "security_scanning"
  memory_settings:
    context_retention: "persistent"
    max_history: 50
    vector_store: true
  reasoning_effort: "high"

knowledge_base:
  documentation_urls:
    - "https://security.example.com/docs"
    - "https://owasp.org"
  training_data:
    sources:
      - "database:security_kb"
      - "api:threat_intel"
    corpora:
      - "security_incidents"
      - "vulnerability_reports"
  faq_links:
    - "https://security.example.com/faq"
  best_practices:
    - "https://owasp.org/Top10"
    - "https://csrc.nist.gov/projects"

integration:
  apis:
    - name: "OWASP ZAP API"
      endpoint: "https://nosytlabs.github.io/employee-md:8080"
      auth_type: "api_key"
      rate_limit: 50
  webhooks:
    - event: "vulnerability_found"
      url: "https://hooks.example.com/security"
      method: "POST"
  services:
    - name: "Security Database"
      type: "database"
      connection_string: "postgresql://user:pass@host:5432/security"

performance:
  metrics:
    - name: "vulnerability_detection_rate"
      target: 0.95
      weight: 0.4
    - name: "false_positive_rate"
      target: 0.05
      weight: 0.3
    - name: "compliance_score"
      target: 1.0
      weight: 0.3
  kpis:
    - name: "audits_per_month"
      formula: "completed_audits / 30"
      threshold: 10
  slas:
    - metric: "critical_vuln_response_time"
      target: 3600
      penalty: 1000
  benchmarks:
    - name: "CWE-Top25"
      dataset: "cwe_vulnerabilities"
      score: 0.98

protocols:
  a2a:
    enabled: true
    discovery_method: "direct"
    message_format: "json"
    encryption: true
  human_review:
    enabled: true
    review_triggers:
      - "critical_vulnerability"
      - "compliance_breach"
      - "security_incident"
    approval_timeout: 3600
    escalation_contacts:
      - "ciso@example.com"
      - "security-team@example.com"
  x402:
    enabled: true
    wallet_address: "0xdef1cafe1b8c0ffee254d3b74e5e0c0a0b2c0a1b"
    settlement: "instant"
    escrow: true

guardrails:
  prohibited_actions:
    - "delete_security_logs"
    - "disable_security_controls"
    - "access_without_authorization"
  required_approval:
    - "disable_security_controls"
    - "delete_logs"
    - "modify_compliance_settings"
  confidence_threshold: 0.90
  max_spend_per_task: 500

delegation:
  max_tasks: 3
  protocol: "human_review"
  task_timeout: 7200
  sub_delegation: false

communication:
  channels:
    - "Slack"
    - "Email"
    - "PagerDuty"
  timezone: "UTC"
  availability: "24/7"
  response_time_sla: "within 15 minutes"

economy:
  rate: 200.00
  currency: "USD"
  payment_method: "crypto"
  billing_schedule: "milestone"
  budget_limit: 50000
  cost_center: "SEC-001"

lifecycle:
  status: "active"
  start_date: "2025-01-01"
  next_review: "2025-04-01"
  performance_rating: "exceeds"