Security

This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS, authentication flaws, and insecure dependencies. Claude uses this skill when the user explicitly requests a security audit, asks for a code review with a focus on security, or mentions security concerns related to code. The security-agent plugin then provides structured security findings with severity ratings, code locations, impact assessments, and remediation guidance.

This skill enables Claude to seamlessly integrate with various secrets managers like HashiCorp Vault and AWS Secrets Manager. It generates configurations and setup code, ensuring best practices for secure credential management. Use this skill when you need to manage sensitive information, generate production-ready configurations, or implement a security-first approach for your DevOps infrastructure. Trigger terms include "integrate secrets manager", "configure Vault", "AWS Secrets Manager setup", "manage credentials securely", or requests for secure configuration generation.

Dual-AI engineering loop orchestrating Claude Code (planning/implementation) and Gemini (validation/review). Use when (1) complex feature development requiring validation, (2) high-quality code with security/performance concerns, (3) large-scale refactoring, (4) user requests gemini-claude loop or dual-AI review. Do NOT use for simple one-off fixes or prototypes.

GitHub ActionsでのDockerビルド/プッシュを設計・実装するスキル。レジストリ認証、キャッシュ戦略、マルチプラットフォーム対応を整理する。Anchors:• docker/build-push-action / 適用: ビルドとプッシュ / 目的: 自動化• BuildKit / 適用: キャッシュ最適化 / 目的: ビルド高速化• Registry Authentication / 適用: 認証設計 / 目的: 安全な配布Trigger:Use when configuring GitHub Actions for Docker build and push, managing registry auth, or optimizing BuildKit cache.docker build push action, buildx, registry auth, github actions docker

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

pre-commit hookセキュリティスキル。機密情報検出パターン、git-secrets/gitleaks統合、チーム展開戦略、Git履歴スキャンを実装し、コミット前の機密情報漏洩を防ぐ。Anchors:• Web Application Security (Andrew Hoffman) / 適用: 脅威モデリング・セキュア設計 / 目的: セキュリティリスクの体系的評価• OWASP Top 10 / 適用: 機密情報検出パターン設計 / 目的: 業界標準の脆弱性分類に基づくパターン定義• git-secrets / gitleaks公式ドキュメント / 適用: ツール統合・設定 / 目的: 公式ベストプラクティスに準拠した導入Trigger:Use when implementing pre-commit hooks for secret detection, designing detection patterns, integrating git-secrets/gitleaks, scanning Git history for leaked secrets, or deploying security hooks across teams.pre-commit security, secret detection, git-secrets, gitleaks, credential scanning, Git history scan

This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.

This skill enables Claude to encrypt and decrypt data using various algorithms provided by the encryption-tool plugin. It should be used when the user requests to "encrypt data", "decrypt a file", "generate an encrypted file", or needs to secure sensitive information. This skill supports various encryption methods and ensures data confidentiality. It is triggered by requests related to data encryption, decryption, or general data security needs.

This skill enables Claude to manage and monitor SSL/TLS certificates using the ssl-certificate-manager plugin. It is activated when the user requests actions related to SSL certificates, such as checking certificate expiry, renewing certificates, or listing installed certificates. Use this skill when the user mentions "SSL certificate", "TLS certificate", "certificate expiry", "renew certificate", or similar phrases related to SSL/TLS certificate management. The plugin can list, check, and renew certificates, providing vital information for maintaining secure connections.

Use when reviewing code for bugs, logic errors, security vulnerabilities, edge cases, race conditions, and resource leaks. Focuses on correctness - does the code do what it claims?

Dual-AI engineering loop orchestrating Claude Code (planning/implementation) and Codex (validation/review). Use when (1) complex feature development requiring validation, (2) high-quality code with security/performance concerns, (3) large-scale refactoring, (4) user requests codex-claude loop or dual-AI review. Do NOT use for simple one-off fixes or prototypes.

This skill enables Claude to manage container registries, including ECR, GCR, and Harbor. It should be used when the user needs to create, configure, or manage container image registries. It helps generate production-ready configurations, implement best practices, and ensure a security-first approach. Use this skill when the user mentions terms like "container registry," "ECR," "GCR," "Harbor," "image repository," or requests assistance with managing container images. It's also helpful for generating configuration code for DevOps pipelines related to container registries.

This skill automates database backups using the database-backup-automator plugin. It creates scripts for scheduled backups, compression, encryption, and restore procedures across PostgreSQL, MySQL, MongoDB, and SQLite. Use this when the user requests database backup automation, disaster recovery planning, setting up backup schedules, or creating restore procedures. The skill is triggered by phrases like "create database backup", "automate database backups", "setup backup schedule", or "generate restore procedure".

This skill should be used when the user requests a code review of changed files. Use this to review git-diffed files for security vulnerabilities (OWASP Top 10), performance issues (O(N) complexity, ORM optimization), bugs, and adherence to project coding standards defined in agents.md and claude.md.

Swagger UI を用いた OpenAPI ドキュメントの公開・統合を支援するスキル。静的HTML/React/Next.js/サーバー埋め込みの構成を整理し、安全なAPI Explorerを構築する。Anchors:• OpenAPI Specification / 適用: API仕様互換 / 目的: 定義の一貫性確保• Swagger UI Documentation / 適用: UI構成 / 目的: 設定項目の正確な適用• OWASP ASVS / 適用: 公開・認証設計 / 目的: セキュリティ要件の確認Trigger:Use when embedding or publishing Swagger UI, configuring OpenAPI docs, or securing API explorer access.swagger ui, openapi docs, api explorer, swagger config, authentication

Assists with security incident response, investigation, and remediation. This skill is triggered when the user requests help with incident response, mentions specific incident types (e.g., data breach, ransomware, DDoS), or uses terms like "incident response plan", "containment", "eradication", or "post-incident activity". It guides the user through the incident response lifecycle, from preparation to post-incident analysis. It is useful for classifying incidents, creating response playbooks, collecting evidence, constructing timelines, and generating remediation steps. Use this skill when needing to respond to a "security incident".

Implement REST APIs with FastAPI including endpoints, Pydantic models, validation, dependency injection, and error handling. Use when building API endpoints, request validation, or authentication.

Electronプロセス間通信（IPC）パターンの設計と実装専門知識。安全で効率的なMain-Rendererプロセス通信、contextBridge、型安全なAPI設計を提供。Anchors:• Electron Security / 適用: contextBridge/preload設計 / 目的: セキュアなIPC実装• Clean Architecture / 適用: Main/Renderer境界設計 / 目的: 責務分離と保守性• Type Safety / 適用: TypeScript型契約 / 目的: IPC通信の型安全性確保Trigger:Use when implementing IPC communication patterns, setting up contextBridge, designing typed IPC handlers, securing renderer-main communication, or structuring bidirectional messaging flows.ipcMain, ipcRenderer, contextBridge, invoke, handle, preload, typed IPC

セキュリティ関連設定のレビュー、構成監査、セキュリティベースライン確認を統一的に実施するスキル。脅威モデリングに基づいた設定評価とベストプラクティスの適用を通じて、アプリケーションのセキュリティ態勢を向上させます。Anchors:• 『Web Application Security』（Andrew Hoffman） / 適用: セキュリティ設定監査 / 目的: セキュリティ態勢の向上Trigger:セキュリティ設定レビュー、構成監査、セキュリティベースライン確認時に使用。セキュリティヘッダー設定、CORS設定、認証・認可の監査などの場面で自動選択対象。

This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.