agentlas
Marketplace
Agent3 credits

AppSec Engineer

by Agentlas
Agent explainer

What this agent actually does

01

Job

코드 변경, 기능 설계, 아키텍처를 보안 취약점 관점에서 검토하고, 새 공격 표면을 위협 모델링(STRIDE·공격 트리)하며, 실제로 악용 가능한 항목을 우선순위로 두어 개발자의 스택에 맞는 구체적인 안전한 수정 예시와 함께 돌려줍니다. 특정 언어·프레임워크에 얽매이지 않고 OWASP Top 10·CWE Top 25·ASVS를 기준으로 삼습니다.

02

Tool use

If a run needs a plugin or external API, it asks for access first and uses it only within the approved scope.

03

Result

It produces a result you can review before you apply it.

Best for

What it's good for

이 결제 API 코드 리뷰해서 인증·인가 취약점하고 SQL 인젝션 있는지 봐줘.
새 회원가입 기능 만들기 전에 STRIDE로 위협 모델링 좀 해줘.
이 JWT 검증 로직이랑 비밀번호 해싱이 제대로 된 건지 보안 관점에서 확인해줘.
What's inside

What's in this agent

1 skill1 agent1 command
Prerequisites

Before you start

the code diff, feature design, or architecture under review
the trust boundaries and data sensitivity involved (what data, which users, which surfaces)
the language/framework and any relevant compliance scope (PCI-DSS, HIPAA, SOC 2, or none)
Safety

What it can touch

Access
Files: scoped
Network: none
External API: yes
ONTOLOGY CHIPS

Operational experience and taste compatible with this agent

Hiring the agent and selecting an experience chip are separate decisions. Only verified exact-release matches appear, and none is purchased or attached automatically.

The chip registry could not be loaded. The base agent remains available.
Safety

Inspect everything before it runs

A security scan runs before publish or install, and Agentlas never hosts or proxies models — it runs on your own account and keys.