@gotwf You are absolutely right. I certainly agree with you a dedicated tool instead of built-in with NodeBB will be better.
What I argue is that the platform software community like NodeBB comes up with customization or a collection of recommendation of existing tool-sets that will get the deployment security to the certain level. For example, common mistakes of new admins of NodeBB: if you've uses NodeBB default password for the admin password, or turned on Sandbox feature that's not meant for production.
And thank you for your list of tools. That's very helpful.