Claude Code Plugins

Community-maintained marketplace

Feedback

discover-security

@rand/cc-polymath
41
0

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name discover-security
description Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

  • Authentication and authorization systems
  • Input validation and sanitization
  • Security headers (CSP, HSTS, CORS)
  • Vulnerability scanning and penetration testing
  • OWASP Top 10 vulnerabilities
  • Secrets management (Vault, AWS Secrets Manager)
  • SQL injection, XSS, or other attack prevention
  • Security hardening and compliance
  • Password hashing and credential management
  • API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

  1. authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
  2. authorization - Access control (RBAC, ABAC, policy engines, permissions)
  3. input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
  4. security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
  5. vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
  6. secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

cat ~/.claude/skills/security/INDEX.md

This loads the full Security category index with:

  • Detailed skill descriptions
  • Usage triggers for each skill
  • Common workflow combinations
  • Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

# Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

# Input security
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md

# Security operations
cat ~/.claude/skills/security/vulnerability-assessment.md
cat ~/.claude/skills/security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

cat ~/.claude/skills/security/authentication.md        # User login
cat ~/.claude/skills/security/authorization.md         # Access control
cat ~/.claude/skills/security/input-validation.md      # XSS/SQL injection prevention
cat ~/.claude/skills/security/security-headers.md      # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

cat ~/.claude/skills/security/vulnerability-assessment.md  # OWASP Top 10 testing
cat ~/.claude/skills/security/input-validation.md          # Injection testing
cat ~/.claude/skills/security/security-headers.md          # Header configuration
cat ~/.claude/skills/security/secrets-management.md        # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

cat ~/.claude/skills/security/authentication.md        # JWT/OAuth2
cat ~/.claude/skills/security/authorization.md         # API access control
cat ~/.claude/skills/security/input-validation.md      # Request validation
cat ~/.claude/skills/security/secrets-management.md    # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

cat ~/.claude/skills/security/vulnerability-assessment.md  # Security scanning
cat ~/.claude/skills/security/secrets-management.md        # CI/CD secrets
cat ~/.claude/skills/security/input-validation.md          # SAST validation

Secure New Application

Full security implementation from scratch:

# 1. Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

# 2. Input protection
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md

# 3. Operations
cat ~/.claude/skills/security/secrets-management.md
cat ~/.claude/skills/security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

  • Implementing user login systems
  • Working with JWT, OAuth2, or sessions
  • Adding multi-factor authentication
  • Managing passwords and credentials

Choose Authorization when:

  • Implementing access control
  • Building role-based permissions (RBAC)
  • Working with policy engines (OPA, Casbin)
  • Preventing privilege escalation

Choose Input Validation when:

  • Processing user input
  • Preventing SQL injection
  • Protecting against XSS attacks
  • Validating file uploads
  • Preventing command injection

Choose Security Headers when:

  • Configuring Content Security Policy (CSP)
  • Implementing HTTPS enforcement (HSTS)
  • Setting up CORS for APIs
  • Preventing clickjacking
  • Hardening web applications

Choose Vulnerability Assessment when:

  • Testing for OWASP Top 10
  • Running security scans (SAST/DAST)
  • Performing penetration tests
  • Auditing application security
  • Setting up security CI/CD

Choose Secrets Management when:

  • Storing API keys or credentials
  • Integrating with HashiCorp Vault
  • Using AWS Secrets Manager or GCP Secret Manager
  • Rotating encryption keys
  • Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

  • API authentication and authorization
  • API input validation
  • API rate limiting (abuse prevention)
  • Securing REST and GraphQL endpoints

Database skills (discover-database):

  • SQL injection prevention
  • Database connection security
  • Credential management
  • Row-level security

Frontend skills (discover-frontend):

  • XSS prevention in React/Vue
  • Content Security Policy
  • Secure cookie handling
  • Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

  • Secrets management in deployments
  • Network security
  • Container security scanning
  • TLS/SSL configuration

Testing skills (discover-testing):

  • Security integration tests
  • Penetration testing
  • Automated security scans
  • Vulnerability regression tests

Usage Instructions

  1. Auto-activation: This skill loads automatically when Claude Code detects security-related work
  2. Browse skills: Run cat ~/.claude/skills/security/INDEX.md for full category overview
  3. Load specific skills: Use bash commands above to load individual skills
  4. Follow workflows: Use recommended sequences for common security patterns
  5. Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

  • Level 1: Gateway loads automatically (you're here now)
  • Level 2: Load category INDEX.md (~3K tokens) for full overview
  • Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication":

cat ~/.claude/skills/security/authentication.md

"Add role-based access control":

cat ~/.claude/skills/security/authorization.md

"Prevent SQL injection":

cat ~/.claude/skills/security/input-validation.md

"Configure Content Security Policy":

cat ~/.claude/skills/security/security-headers.md

"Test for OWASP vulnerabilities":

cat ~/.claude/skills/security/vulnerability-assessment.md

"Integrate HashiCorp Vault":

cat ~/.claude/skills/security/secrets-management.md

"Secure API with JWT":

cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md

Next Steps: Run cat ~/.claude/skills/security/INDEX.md to see full category details, or load specific skills using the bash commands above.