Security Skill
Security validation, vulnerability scanning, and compliance checking.
Activation
Auto-activates on keywords: security, vulnerability, audit, OWASP, encryption, GPG, SSH, signing, secrets, scan, bandit
Workflows
Environment Validation
- •validate-env.md: GPG/SSH key validation
Scanning
- •scan.md: Security vulnerability scanning
Encryption
- •encrypt.md: Secret encryption and management
Commands
bash
# Validate GPG key gpg --list-secret-keys # Validate SSH key ssh-add -l # Check git signing configuration git config --get user.signingkey # Run Bandit security scanner uv run bandit -r src/ -c pyproject.toml # Check dependencies for vulnerabilities uv run pip-audit uv run safety check # Run Semgrep security rules uv run semgrep scan --config auto src/
Security Checklist
Pre-Commit
- • No secrets in code (checked by gitleaks)
- • Dependencies scanned for vulnerabilities
- • Bandit security scan passes
Pre-Release
- • All known vulnerabilities addressed
- • Security advisory published (if applicable)
- • Dependencies updated to secure versions
OWASP Top 10 Considerations
- •Injection: Use parameterized queries, validate input
- •Broken Authentication: Use secure session management
- •Sensitive Data Exposure: Encrypt sensitive data at rest and in transit
- •XML External Entities: Disable external entity processing
- •Broken Access Control: Implement proper authorization checks
- •Security Misconfiguration: Use secure defaults
- •XSS: Escape output, use Content Security Policy
- •Insecure Deserialization: Validate and sanitize serialized data
- •Using Components with Known Vulnerabilities: Keep dependencies updated
- •Insufficient Logging: Log security events, monitor for anomalies