/security - Security Audit Workflow
Dedicated security analysis for sensitive code.
When to Use
- "Security audit"
- "Check for vulnerabilities"
- "Is this secure?"
- "Review authentication code"
- "Check for injection attacks"
- Before handling auth, payments, user data
- After adding security-sensitive features
Workflow Overview
```
┌─────────┐    ┌───────────┐
│  aegis  │───▶│ validator │
│         │    │           │
└─────────┘    └───────────┘
 Security       Verify
 audit          fixes
```
Agent Sequence
| # | Agent | Role | Output |
|---|---|---|---|
| 1 | aegis | Comprehensive security scan | Vulnerability report |
| 2 | validator | Verify fixes, run security tests | Verification report |
Why Dedicated Security?
The /maestro:review workflow focuses on code quality. Security needs:
- Specialized vulnerability patterns
- Dependency scanning
- Secret detection
- OWASP Top 10 checks
- Authentication/authorization review
Execution
Phase 1: Security Audit
```
Task(
    subagent_type="aegis",
    prompt="""
    Security audit: [SCOPE]

    Scan for:

    **Injection Attacks:**
    - SQL injection
    - Command injection
    - XSS (Cross-Site Scripting)
    - LDAP injection

    **Authentication/Authorization:**
    - Broken authentication
    - Session management issues
    - Privilege escalation
    - Insecure direct object references

    **Data Protection:**
    - Sensitive data exposure
    - Hardcoded secrets/credentials
    - Insecure cryptography
    - Missing encryption

    **Configuration:**
    - Security misconfigurations
    - Default credentials
    - Verbose error messages
    - Missing security headers

    **Dependencies:**
    - Known vulnerable packages
    - Outdated dependencies
    - Supply chain risks

    Output: Detailed report with:
    - Severity (CRITICAL/HIGH/MEDIUM/LOW)
    - Location (file:line)
    - Description
    - Remediation steps
    """
)
```
Phase 2: Verification (After Fixes)
```
Task(
    subagent_type="validator",
    prompt="""
    Verify security fixes: [SCOPE]

    Run:
    - Security-focused tests
    - Dependency audit (npm audit, pip-audit)
    - Re-check reported vulnerabilities
    - Verify fixes don't introduce regressions

    Output: Verification report
    """
)
```
Security Scopes
Full Codebase
```
User: /security
→ Scan entire codebase
```
Specific Area
```
User: /security authentication
→ Focus on auth-related code
```
Single File
```
User: /security src/api/auth.py
→ Deep dive on one file
```
Dependencies Only
```
User: /security --deps
→ Only dependency vulnerabilities
```
Example
```
User: /security the payment processing code

Claude: Starting /security audit for payment code...

Phase 1: Security audit...
[Spawns aegis]

┌─────────────────────────────────────────────────────────────┐
│                    Security Audit Report                    │
├─────────────────────────────────────────────────────────────┤
│ Scope: src/services/payment/                                │
│ Files scanned: 12                                           │
│ Lines analyzed: 2,847                                       │
├─────────────────────────────────────────────────────────────┤
│ CRITICAL (1)                                                │
│ ──────────                                                  │
│ [C1] SQL Injection in payment.py:89                         │
│      query = f"SELECT * FROM orders WHERE id = {order_id}"  │
│      Fix: Use parameterized queries                         │
│                                                             │
│ HIGH (2)                                                    │
│ ────────                                                    │
│ [H1] Hardcoded API key in stripe_client.py:12               │
│      STRIPE_KEY = "sk_live_..."                             │
│      Fix: Move to environment variable                      │
│                                                             │
│ [H2] Missing input validation in refund.py:45               │
│      amount = request.json['amount'] # No validation        │
│      Fix: Validate amount is positive number                │
│                                                             │
│ MEDIUM (1)                                                  │
│ ──────────                                                  │
│ [M1] Verbose error messages in error_handler.py:23          │
│      return {"error": str(e)} # Leaks internal details      │
│      Fix: Return generic message, log details internally    │
│                                                             │
│ LOW (0)                                                     │
│ ───────                                                     │
│ None                                                        │
├─────────────────────────────────────────────────────────────┤
│ Summary: 1 critical, 2 high, 1 medium, 0 low                │
│ Status: BLOCKING - Fix critical issues before release       │
└─────────────────────────────────────────────────────────────┘

Fix the critical and high issues, then run:
/security --verify
```
After Fixes
```
User: /security --verify

Claude: Phase 2: Verifying fixes...
[Spawns validator]

✅ C1: SQL injection fixed - using parameterized queries
✅ H1: API key moved to environment variable
✅ H2: Input validation added
✅ M1: Error messages sanitized

All security tests passing.
Security audit: PASSED
```
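What the C1 and H2 remediations in the sample report look like in code, as an added example that is not part of the workflow or its output. The `orders` schema, the function names, the sample rows, and the refund rules beyond "positive number" (decimal strings only, two decimal places, capped at the order total) are assumptions made for illustration.

```python
import sqlite3
from decimal import Decimal, InvalidOperation

def make_db():
    """Constructed in-memory orders table standing in for the payment database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "alice", "19.99"), (2, "bob", "5.00")])
    return conn

def get_order_vulnerable(conn, order_id):
    # Finding C1 as reported: the value is spliced into the SQL text,
    # so the database parses it as SQL instead of treating it as data.
    query = f"SELECT * FROM orders WHERE id = {order_id}"
    return conn.execute(query).fetchall()

def get_order_fixed(conn, order_id):
    # Fix for C1: a bound parameter never becomes part of the SQL grammar.
    return conn.execute("SELECT * FROM orders WHERE id = ?", (order_id,)).fetchall()

def parse_refund_amount(payload, order_total):
    """Fix for H2: return a validated Decimal or raise ValueError.

    Floats are rejected so binary rounding never reaches money handling
    (assumption: clients send the amount as an integer or decimal string).
    """
    raw = payload.get("amount")
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise ValueError("amount must be an integer or a decimal string")
    try:
        amount = Decimal(str(raw))
    except InvalidOperation:
        raise ValueError("amount is not a number") from None
    if not amount.is_finite() or amount <= 0:  # rejects NaN, Infinity, 0, negatives
        raise ValueError("amount must be a positive number")
    if amount.as_tuple().exponent < -2:
        raise ValueError("amount has more than two decimal places")
    if amount > Decimal(order_total):
        raise ValueError("amount exceeds order total")
    return amount
```

A validator-phase test can assert both directions: the fixed query returns no rows for a non-numeric id, and each rejected amount raises rather than being coerced.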
OWASP Top 10 Coverage
| Risk | Checked |
|---|---|
| A01 Broken Access Control | ✅ |
| A02 Cryptographic Failures | ✅ |
| A03 Injection | ✅ |
| A04 Insecure Design | ✅ |
| A05 Security Misconfiguration | ✅ |
| A06 Vulnerable Components | ✅ |
| A07 Auth Failures | ✅ |
| A08 Data Integrity Failures | ✅ |
| A09 Logging Failures | ✅ |
| A10 SSRF | ✅ |
Flags
- `--deps`: Dependencies only
- `--verify`: Re-run after fixes
- `--owasp`: Explicit OWASP Top 10 report
- `--secrets`: Focus on secret detection