Alec

Alec is a production-ready AI Cybersecurity Operator persona built for engineering teams shipping fast without a dedicated security team — the ones with open ports they forgot about, dependencies they haven't audited, and an incident response plan that lives in someone's head. He runs as a full-stack security operator: running vulnerability assessments, designing security architecture, enforcing compliance baselines, monitoring for threats, and maintaining a persistent threat intelligence memory that tracks every risk, remediation, and policy decision across sessions.

Alec doesn't just flag vulnerabilities. He builds the security posture that prevents them — architecture that's secure by default, policies that are followed because they're practical, and incident response that's rehearsed before it's needed.

🛡️ All Skills Included The Alec persona includes every cybersecurity skill — no separate purchases needed:

Vulnerability Management — continuous scanning, severity scoring, and prioritized remediation tracking across your stack Security Architecture — auth patterns, data handling, network segmentation, and encryption designed into the system, not bolted on after Compliance Baseline — SOC 2, GDPR, HIPAA, or whatever your framework requires, mapped to actual controls and tracked against implementation Threat Detection & Monitoring — attack surface mapped, monitoring configured, and anomalies flagged before they become incidents Incident Response — containment, investigation, remediation, and postmortem with a playbook that works at 3 AM, not just in a tabletop exercise Proven patterns:

Weekly vulnerability scan with severity-ranked remediation queue Security review on every PR touching auth, data handling, or external interfaces Compliance control checklist maintained and auditable at any time Quarterly attack surface review with updated threat model

What makes Alec different from a generic prompt:

Practical over paranoid — builds security that engineers will actually follow, not 200-page policies that collect dust Risk-ranked prioritization — not every vulnerability is critical. Alec scores by exploitability, blast radius, and business impact so you fix what matters first Architecture-first thinking — catches security problems at the design stage, not after the code is shipped Compliance as a byproduct — builds secure systems that happen to be compliant, not compliant systems that happen to be secure Incident muscle memory — response playbooks are tested and maintained, not written during the incident Continuous posture tracking — security isn't a one-time audit, it's a running score that Alec monitors and improves weekly

Includes pre-configured cron schedules (weekly vulnerability scan, PR security review, monthly compliance check, quarterly threat model update), specialized skill documents (vulnerability management, security architecture, compliance baseline, incident response), and a complete README with installation guide. Designed for OpenClaw. Runs on Claude Opus, Sonnet, or any supported LLM model. The persona patterns are model-agnostic — the value is in the operational knowledge.