name: discover-security description: Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

Authentication and authorization systems
Input validation and sanitization
Security headers (CSP, HSTS, CORS)
Vulnerability scanning and penetration testing
OWASP Top 10 vulnerabilities
Secrets management (Vault, AWS Secrets Manager)
SQL injection, XSS, or other attack prevention
Security hardening and compliance
Password hashing and credential management
API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
authorization - Access control (RBAC, ABAC, policy engines, permissions)
input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

cat ~/.claude/skills/security/INDEX.md

This loads the full Security category index with:

Detailed skill descriptions
Usage triggers for each skill
Common workflow combinations
Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

# Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

# Input security
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md

# Security operations
cat ~/.claude/skills/security/vulnerability-assessment.md
cat ~/.claude/skills/security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

cat ~/.claude/skills/security/authentication.md        # User login
cat ~/.claude/skills/security/authorization.md         # Access control
cat ~/.claude/skills/security/input-validation.md      # XSS/SQL injection prevention
cat ~/.claude/skills/security/security-headers.md      # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

cat ~/.claude/skills/security/vulnerability-assessment.md  # OWASP Top 10 testing
cat ~/.claude/skills/security/input-validation.md          # Injection testing
cat ~/.claude/skills/security/security-headers.md          # Header configuration
cat ~/.claude/skills/security/secrets-management.md        # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

cat ~/.claude/skills/security/authentication.md        # JWT/OAuth2
cat ~/.claude/skills/security/authorization.md         # API access control
cat ~/.claude/skills/security/input-validation.md      # Request validation
cat ~/.claude/skills/security/secrets-management.md    # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

cat ~/.claude/skills/security/vulnerability-assessment.md  # Security scanning
cat ~/.claude/skills/security/secrets-management.md        # CI/CD secrets
cat ~/.claude/skills/security/input-validation.md          # SAST validation

Secure New Application

Full security implementation from scratch:

# 1. Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

# 2. Input protection
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md

# 3. Operations
cat ~/.claude/skills/security/secrets-management.md
cat ~/.claude/skills/security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

Implementing user login systems
Working with JWT, OAuth2, or sessions
Adding multi-factor authentication
Managing passwords and credentials

Choose Authorization when:

Implementing access control
Building role-based permissions (RBAC)
Working with policy engines (OPA, Casbin)
Preventing privilege escalation

Choose Input Validation when:

Processing user input
Preventing SQL injection
Protecting against XSS attacks
Validating file uploads
Preventing command injection

Choose Security Headers when:

Configuring Content Security Policy (CSP)
Implementing HTTPS enforcement (HSTS)
Setting up CORS for APIs
Preventing clickjacking
Hardening web applications

Choose Vulnerability Assessment when:

Testing for OWASP Top 10
Running security scans (SAST/DAST)
Performing penetration tests
Auditing application security
Setting up security CI/CD

Choose Secrets Management when:

Storing API keys or credentials
Integrating with HashiCorp Vault
Using AWS Secrets Manager or GCP Secret Manager
Rotating encryption keys
Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

API authentication and authorization
API input validation
API rate limiting (abuse prevention)
Securing REST and GraphQL endpoints

Database skills (discover-database):

SQL injection prevention
Database connection security
Credential management
Row-level security

Frontend skills (discover-frontend):

XSS prevention in React/Vue
Content Security Policy
Secure cookie handling
Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

Secrets management in deployments
Network security
Container security scanning
TLS/SSL configuration

Testing skills (discover-testing):

Security integration tests
Penetration testing
Automated security scans
Vulnerability regression tests

Usage Instructions

Auto-activation: This skill loads automatically when Claude Code detects security-related work
Browse skills: Run cat ~/.claude/skills/security/INDEX.md for full category overview
Load specific skills: Use bash commands above to load individual skills
Follow workflows: Use recommended sequences for common security patterns
Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

Level 1: Gateway loads automatically (you're here now)
Level 2: Load category INDEX.md (~3K tokens) for full overview
Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication":

cat ~/.claude/skills/security/authentication.md

"Add role-based access control":

cat ~/.claude/skills/security/authorization.md

"Prevent SQL injection":

cat ~/.claude/skills/security/input-validation.md

"Configure Content Security Policy":

cat ~/.claude/skills/security/security-headers.md

"Test for OWASP vulnerabilities":

cat ~/.claude/skills/security/vulnerability-assessment.md

"Integrate HashiCorp Vault":

cat ~/.claude/skills/security/secrets-management.md

"Secure API with JWT":

cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

Next Steps: Run cat ~/.claude/skills/security/INDEX.md to see full category details, or load specific skills using the bash commands above.

discover-security

$ 설치