Agent skill
fondo-security-basics
Apply security best practices for Fondo including OAuth token management, financial data protection, SOC 2 compliance, and access control. Trigger: "fondo security", "fondo data protection", "fondo SOC 2", "fondo access control".
Install this agent skill to your Project
npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/main/plugins/saas-packs/fondo-pack/skills/fondo-security-basics
SKILL.md
Fondo Security Basics
Overview
Security practices for Fondo financial data: manage OAuth connections, protect exported financial data, control team access, and maintain compliance.
Instructions
Step 1: Manage OAuth Connections
| Integration | Token Lifetime | Refresh |
|---|---|---|
| Gusto | 90 days | Re-authorize in Dashboard |
| QuickBooks | 100 days | Auto-refresh if accessed within window |
| Plaid (banking) | Indefinite | Revoke/re-connect if compromised |
| Stripe | Indefinite | Revoke in Stripe Dashboard if needed |
Step 2: Protect Financial Exports
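```bash
# When downloading Fondo exports locally:
# 1. Never commit to git
echo "*.csv" >> .gitignore
echo "exports/" >> .gitignore
# 2. Encrypt sensitive exports (prompts for a passphrase, writes general-ledger-2025.csv.gpg)
gpg -c --cipher-algo AES256 general-ledger-2025.csv
# 3. Delete after use (-u removes the file after overwriting; overwriting is
#    not reliable on SSDs or journaling/copy-on-write filesystems)
shred -vfz -u -n 5 general-ledger-2025.csv
```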
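A `.gitignore` entry does not stop a file that is already tracked or one that is staged with `git add -f`. The pre-commit hook below is an added example, not part of the Fondo skill, that rejects a commit when exports are staged; its path patterns are assumptions derived from the `.gitignore` entries above plus the `.gpg` output of the encryption step.

```shell
#!/bin/sh
# Added example: pre-commit guard for financial exports.
# Install as .git/hooks/pre-commit and make it executable (chmod +x).

# Assumed patterns: anything under an exports/ directory, any CSV
# (case-insensitive), and gpg-encrypted CSVs. Adjust to your export layout.
is_export_path() {
  case "$1" in
    exports/*|*/exports/*|*.[cC][sS][vV]|*.[cC][sS][vV].gpg) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads newline-separated paths on stdin and prints the ones that
# match an export pattern, one per line.
blocked_exports() {
  while IFS= read -r entry; do
    [ -n "$entry" ] || continue
    if is_export_path "$entry"; then
      printf '%s\n' "$entry"
    fi
  done
}

# Paths added, copied, modified or renamed in the index for this commit.
staged_paths() {
  git diff --cached --name-only --diff-filter=ACMR
}

# Returns 1 (which aborts the commit) when any staged path is an export.
run_hook() {
  hits=$(staged_paths | blocked_exports)
  if [ -n "$hits" ]; then
    echo "Commit blocked: financial exports are staged:" >&2
    printf '%s\n' "$hits" | sed 's/^/  /' >&2
    echo "Unstage with: git restore --staged <file>" >&2
    return 1
  fi
  return 0
}

# Run the check only when git invokes this file as the pre-commit hook.
case "${0##*/}" in
  pre-commit) run_hook ;;
esac
```

The hook is local to each clone and can be skipped with `git commit --no-verify`, so it complements the `.gitignore` entries rather than replacing them.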
Step 3: Team Access Control
| Role | Access | Who |
|---|---|---|
| Owner | Full access, billing, integrations | CEO/founder |
| Admin | View/edit financials, answer questions | CFO/finance lead |
| Viewer | View-only reports | Board members, investors |
| CPA | Full access (Fondo team) | Your assigned CPA |
Security Checklist
- OAuth connections reviewed quarterly
- Financial exports never committed to git
- Team roles follow least-privilege principle
- Fondo CPA team has NDA on file
- Bank connections use Plaid (encrypted, not screen-scraping)
- Two-factor authentication enabled on Fondo account
Next Steps
For production readiness, see fondo-prod-checklist.