--- name: discover-security description: Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks. --- # Security Skills Discovery Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills. ## When This Skill Activates This skill auto-activates when you're working with: - Authentication and authorization systems - Input validation and sanitization - Security headers (CSP, HSTS, CORS) - Vulnerability scanning and penetration testing - OWASP Top 10 vulnerabilities - Secrets management (Vault, AWS Secrets Manager) - SQL injection, XSS, or other attack prevention - Security hardening and compliance - Password hashing and credential management - API security and access control ## Available Skills ### Quick Reference The Security category contains 6 specialized skills: 1. **authentication** - Authentication patterns (JWT, OAuth2, sessions, MFA, password security) 2. **authorization** - Access control (RBAC, ABAC, policy engines, permissions) 3. **input-validation** - Input validation and sanitization (SQL injection, XSS, command injection) 4. **security-headers** - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS) 5. **vulnerability-assessment** - Security testing (OWASP Top 10, scanning tools, pentesting) 6. **secrets-management** - Secrets handling (Vault, AWS Secrets Manager, key rotation) ### Load Full Category Details For complete descriptions and workflows: ```bash cat ~/.claude/skills/security/INDEX.md ``` This loads the full Security category index with: - Detailed skill descriptions - Usage triggers for each skill - Common workflow combinations - Cross-references to related skills ### Load Specific Skills Load individual skills as needed: ```bash # Identity and access cat ~/.claude/skills/security/authentication.md cat ~/.claude/skills/security/authorization.md # Input security cat ~/.claude/skills/security/input-validation.md cat ~/.claude/skills/security/security-headers.md # Security operations cat ~/.claude/skills/security/vulnerability-assessment.md cat ~/.claude/skills/security/secrets-management.md ``` ## Common Workflows ### Secure Web Application **Sequence**: Authentication → Authorization → Input validation → Security headers ```bash cat ~/.claude/skills/security/authentication.md # User login cat ~/.claude/skills/security/authorization.md # Access control cat ~/.claude/skills/security/input-validation.md # XSS/SQL injection prevention cat ~/.claude/skills/security/security-headers.md # Browser protection ``` ### Security Audit **Sequence**: Vulnerability assessment → Input validation → Headers → Secrets ```bash cat ~/.claude/skills/security/vulnerability-assessment.md # OWASP Top 10 testing cat ~/.claude/skills/security/input-validation.md # Injection testing cat ~/.claude/skills/security/security-headers.md # Header configuration cat ~/.claude/skills/security/secrets-management.md # Credential security ``` ### API Security **Sequence**: Authentication → Authorization → Input validation → Secrets ```bash cat ~/.claude/skills/security/authentication.md # JWT/OAuth2 cat ~/.claude/skills/security/authorization.md # API access control cat ~/.claude/skills/security/input-validation.md # Request validation cat ~/.claude/skills/security/secrets-management.md # API key management ``` ### DevSecOps Pipeline **Sequence**: Vulnerability assessment → Secrets → Input validation ```bash cat ~/.claude/skills/security/vulnerability-assessment.md # Security scanning cat ~/.claude/skills/security/secrets-management.md # CI/CD secrets cat ~/.claude/skills/security/input-validation.md # SAST validation ``` ### Secure New Application **Full security implementation from scratch**: ```bash # 1. Identity and access cat ~/.claude/skills/security/authentication.md cat ~/.claude/skills/security/authorization.md # 2. Input protection cat ~/.claude/skills/security/input-validation.md cat ~/.claude/skills/security/security-headers.md # 3. Operations cat ~/.claude/skills/security/secrets-management.md cat ~/.claude/skills/security/vulnerability-assessment.md ``` ## Skill Selection Guide **Choose Authentication when:** - Implementing user login systems - Working with JWT, OAuth2, or sessions - Adding multi-factor authentication - Managing passwords and credentials **Choose Authorization when:** - Implementing access control - Building role-based permissions (RBAC) - Working with policy engines (OPA, Casbin) - Preventing privilege escalation **Choose Input Validation when:** - Processing user input - Preventing SQL injection - Protecting against XSS attacks - Validating file uploads - Preventing command injection **Choose Security Headers when:** - Configuring Content Security Policy (CSP) - Implementing HTTPS enforcement (HSTS) - Setting up CORS for APIs - Preventing clickjacking - Hardening web applications **Choose Vulnerability Assessment when:** - Testing for OWASP Top 10 - Running security scans (SAST/DAST) - Performing penetration tests - Auditing application security - Setting up security CI/CD **Choose Secrets Management when:** - Storing API keys or credentials - Integrating with HashiCorp Vault - Using AWS Secrets Manager or GCP Secret Manager - Rotating encryption keys - Managing CI/CD secrets ## Integration with Other Skills Security skills commonly combine with: **API skills** (`discover-api`): - API authentication and authorization - API input validation - API rate limiting (abuse prevention) - Securing REST and GraphQL endpoints **Database skills** (`discover-database`): - SQL injection prevention - Database connection security - Credential management - Row-level security **Frontend skills** (`discover-frontend`): - XSS prevention in React/Vue - Content Security Policy - Secure cookie handling - Client-side validation **Infrastructure skills** (`discover-infrastructure`, `discover-cloud`): - Secrets management in deployments - Network security - Container security scanning - TLS/SSL configuration **Testing skills** (`discover-testing`): - Security integration tests - Penetration testing - Automated security scans - Vulnerability regression tests ## Usage Instructions 1. **Auto-activation**: This skill loads automatically when Claude Code detects security-related work 2. **Browse skills**: Run `cat ~/.claude/skills/security/INDEX.md` for full category overview 3. **Load specific skills**: Use bash commands above to load individual skills 4. **Follow workflows**: Use recommended sequences for common security patterns 5. **Combine skills**: Load multiple skills for comprehensive security coverage ## Progressive Loading This gateway skill (~200 lines, ~2K tokens) enables progressive loading: - **Level 1**: Gateway loads automatically (you're here now) - **Level 2**: Load category INDEX.md (~3K tokens) for full overview - **Level 3**: Load specific skills (~2-4K tokens each) as needed Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index. ## Quick Start Examples **"Implement user authentication"**: ```bash cat ~/.claude/skills/security/authentication.md ``` **"Add role-based access control"**: ```bash cat ~/.claude/skills/security/authorization.md ``` **"Prevent SQL injection"**: ```bash cat ~/.claude/skills/security/input-validation.md ``` **"Configure Content Security Policy"**: ```bash cat ~/.claude/skills/security/security-headers.md ``` **"Test for OWASP vulnerabilities"**: ```bash cat ~/.claude/skills/security/vulnerability-assessment.md ``` **"Integrate HashiCorp Vault"**: ```bash cat ~/.claude/skills/security/secrets-management.md ``` **"Secure API with JWT"**: ```bash cat ~/.claude/skills/security/authentication.md cat ~/.claude/skills/security/authorization.md ``` --- **Next Steps**: Run `cat ~/.claude/skills/security/INDEX.md` to see full category details, or load specific skills using the bash commands above.