Security

Security scanning with dependency audits, secret detection, static analysis, and vulnerability management. Use when checking for vulnerabilities, scanning dependencies, or enforcing security gates.

Command creation guidelines for encapsulating workflows into simple command invocations. Provides command syntax, error handling patterns, security validation, and complex command handling. Includes examples for environment variables, git operations, and command chaining. Scope: command creation, command structure, error handling, security. Excludes: skill creation, agent creation (handled by component-specific skills). Triggers: command, create command, add command, new command.

ゼロトラストセキュリティの専門スキル。認証・認可、マイクロセグメンテーション、継続的検証を提供します。Anchors:- Zero Trust Networks（Evan Gilman）/ 適用: セキュリティアーキテクチャ / 目的: 信頼境界排除と継続的検証- NIST SP 800-207 Zero Trust Architecture / 適用: フレームワーク設計 / 目的: 標準準拠- MITRE ATT&CK / 適用: 脅威モデリング / 目的: 攻撃パターン対策Trigger:ゼロトラスト実装時、認証・認可設計時、アクセス制御強化時、継続的検証実装時に使用

This skill enables Claude to encrypt and decrypt data using various algorithms provided by the encryption-tool plugin. It should be used when the user requests to "encrypt data", "decrypt a file", "generate an encrypted file", or needs to secure sensitive information. This skill supports various encryption methods and ensures data confidentiality. It is triggered by requests related to data encryption, decryption, or general data security needs.

Use when reviewing code changes, pull requests, or performing refactoring analysis with focus on patterns, security, and performance.

Implements security headers and Content Security Policy with safe rollout strategy (report-only → enforce), testing, and compatibility checks. Use for "security headers", "CSP", "HTTP headers", or "XSS protection".

Use when executing /code:review-uncommited, /code:review-unpushed, or /code:review-pr commands. Triggers: code review request, PR review, uncommited changes review. Defines 12 parallel review agents covering security, performance, quality, consistency, and more.

Assists with security incident response, investigation, and remediation. This skill is triggered when the user requests help with incident response, mentions specific incident types (e.g., data breach, ransomware, DDoS), or uses terms like "incident response plan", "containment", "eradication", or "post-incident activity". It guides the user through the incident response lifecycle, from preparation to post-incident analysis. It is useful for classifying incidents, creating response playbooks, collecting evidence, constructing timelines, and generating remediation steps. Use this skill when needing to respond to a "security incident".

Configure and manage API gateways including Kong, Tyk, AWS API Gateway, and Apigee. Activates when users need help setting up API gateways, rate limiting, authentication, request transformation, or API management.

GitHub Actionsセルフホストランナーの設計、セットアップ、セキュリティ管理を行うスキル。インストールから運用、トラブルシューティングまでの完全なライフサイクル管理を提供する。Anchors:• GitHub Actions Documentation / 適用: セルフホストランナー公式仕様 / 目的: 正確なAPI使用と設定• CIS Benchmark for Linux / 適用: ランナーホストのセキュリティ / 目的: セキュリティ強化• The Pragmatic Programmer / 適用: 実践的改善 / 目的: 段階的な実装と継続的改善Trigger:Use when setting up self-hosted runners, configuring runner labels, implementing security measures, troubleshooting runner issues, or optimizing runner performance.self-hosted, runner, GitHub Actions, ephemeral, labels, security, setup, configuration

Cloud infrastructure with AWS, Azure, GCP - architecture, services, security, and cost optimization.

This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses.

This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.

This skill configures auto-scaling policies for applications and infrastructure. It generates production-ready configurations based on user requirements, implementing best practices for scalability and security. Use this skill when the user requests help with auto-scaling setup, high availability, or dynamic resource allocation, specifically mentioning terms like "auto-scaling," "HPA," "scaling policies," or "dynamic scaling." This skill provides complete configuration code for various platforms.

This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

PHP security best practices and patterns for preventing common vulnerabilities

Implement security best practices across the application stack. Use when securing APIs, implementing authentication, preventing vulnerabilities, or conducting security reviews. Covers OWASP Top 10, auth patterns, input validation, encryption, and security monitoring.

This skill allows Claude to conduct comprehensive security audits of code, infrastructure, and configurations. It leverages various tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis. Use this skill when a user requests a "security audit," "vulnerability assessment," "compliance review," or any task involving identifying and mitigating security risks. It helps to ensure code and systems adhere to security best practices and compliance standards.

Document REST APIs with OpenAPI/Swagger specifications, endpoint documentation, authentication, error handling, and SDK guides. Use for API reference docs, Swagger specs, and client library documentation. Triggers: api docs, openapi, swagger, endpoint documentation, rest api, api reference, sdk documentation, api specification, document api, api endpoints.