Senior Security
技能 已验证 活跃Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools. Use when the user asks about security reviews, threat analysis, vulnerability assessments, secure coding practices, security audits, attack surface analysis, CVE remediation, or security best practices.
To equip users with structured methodologies and tools for identifying, analyzing, and mitigating security threats across their systems and code.
功能
- Threat modeling with STRIDE and DREAD
- Secure architecture design principles
- Vulnerability assessment and remediation workflows
- Security code review checklists and examples
- Incident response planning and execution
- Python scripts for secret scanning and threat analysis
使用场景
- Conducting thorough security architecture reviews.
- Identifying potential threats and vulnerabilities in system designs.
- Reviewing code for security flaws before deployment.
- Planning and executing penetration tests.
- Responding effectively to security incidents.
非目标
- Performing automated penetration testing or vulnerability exploitation.
- Acting as a real-time security operations center (SOC) or incident response team.
- Providing legal advice on compliance requirements.
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skills质量评分
已验证类似扩展
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Prompt Guard
100Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.