Claude Code Plugins

Community-maintained marketplace

Feedback

discover-security

@rand/cc-polymath
26
0

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name discover-security
description Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

  • Authentication and authorization systems
  • Input validation and sanitization
  • Security headers (CSP, HSTS, CORS)
  • Vulnerability scanning and penetration testing
  • OWASP Top 10 vulnerabilities
  • Secrets management (Vault, AWS Secrets Manager)
  • SQL injection, XSS, or other attack prevention
  • Security hardening and compliance
  • Password hashing and credential management
  • API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

  1. authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
  2. authorization - Access control (RBAC, ABAC, policy engines, permissions)
  3. input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
  4. security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
  5. vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
  6. secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

cat skills/security/INDEX.md

This loads the full Security category index with:

  • Detailed skill descriptions
  • Usage triggers for each skill
  • Common workflow combinations
  • Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

# Identity and access
cat skills/security/authentication.md
cat skills/security/authorization.md

# Input security
cat skills/security/input-validation.md
cat skills/security/security-headers.md

# Security operations
cat skills/security/vulnerability-assessment.md
cat skills/security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

cat skills/security/authentication.md        # User login
cat skills/security/authorization.md         # Access control
cat skills/security/input-validation.md      # XSS/SQL injection prevention
cat skills/security/security-headers.md      # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

cat skills/security/vulnerability-assessment.md  # OWASP Top 10 testing
cat skills/security/input-validation.md          # Injection testing
cat skills/security/security-headers.md          # Header configuration
cat skills/security/secrets-management.md        # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

cat skills/security/authentication.md        # JWT/OAuth2
cat skills/security/authorization.md         # API access control
cat skills/security/input-validation.md      # Request validation
cat skills/security/secrets-management.md    # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

cat skills/security/vulnerability-assessment.md  # Security scanning
cat skills/security/secrets-management.md        # CI/CD secrets
cat skills/security/input-validation.md          # SAST validation

Secure New Application

Full security implementation from scratch:

# 1. Identity and access
cat skills/security/authentication.md
cat skills/security/authorization.md

# 2. Input protection
cat skills/security/input-validation.md
cat skills/security/security-headers.md

# 3. Operations
cat skills/security/secrets-management.md
cat skills/security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

  • Implementing user login systems
  • Working with JWT, OAuth2, or sessions
  • Adding multi-factor authentication
  • Managing passwords and credentials

Choose Authorization when:

  • Implementing access control
  • Building role-based permissions (RBAC)
  • Working with policy engines (OPA, Casbin)
  • Preventing privilege escalation

Choose Input Validation when:

  • Processing user input
  • Preventing SQL injection
  • Protecting against XSS attacks
  • Validating file uploads
  • Preventing command injection

Choose Security Headers when:

  • Configuring Content Security Policy (CSP)
  • Implementing HTTPS enforcement (HSTS)
  • Setting up CORS for APIs
  • Preventing clickjacking
  • Hardening web applications

Choose Vulnerability Assessment when:

  • Testing for OWASP Top 10
  • Running security scans (SAST/DAST)
  • Performing penetration tests
  • Auditing application security
  • Setting up security CI/CD

Choose Secrets Management when:

  • Storing API keys or credentials
  • Integrating with HashiCorp Vault
  • Using AWS Secrets Manager or GCP Secret Manager
  • Rotating encryption keys
  • Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

  • API authentication and authorization
  • API input validation
  • API rate limiting (abuse prevention)
  • Securing REST and GraphQL endpoints

Database skills (discover-database):

  • SQL injection prevention
  • Database connection security
  • Credential management
  • Row-level security

Frontend skills (discover-frontend):

  • XSS prevention in React/Vue
  • Content Security Policy
  • Secure cookie handling
  • Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

  • Secrets management in deployments
  • Network security
  • Container security scanning
  • TLS/SSL configuration

Testing skills (discover-testing):

  • Security integration tests
  • Penetration testing
  • Automated security scans
  • Vulnerability regression tests

Usage Instructions

  1. Auto-activation: This skill loads automatically when Claude Code detects security-related work
  2. Browse skills: Run cat skills/security/INDEX.md for full category overview
  3. Load specific skills: Use bash commands above to load individual skills
  4. Follow workflows: Use recommended sequences for common security patterns
  5. Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

  • Level 1: Gateway loads automatically (you're here now)
  • Level 2: Load category INDEX.md (~3K tokens) for full overview
  • Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication":

cat skills/security/authentication.md

"Add role-based access control":

cat skills/security/authorization.md

"Prevent SQL injection":

cat skills/security/input-validation.md

"Configure Content Security Policy":

cat skills/security/security-headers.md

"Test for OWASP vulnerabilities":

cat skills/security/vulnerability-assessment.md

"Integrate HashiCorp Vault":

cat skills/security/secrets-management.md

"Secure API with JWT":

cat skills/security/authentication.md
cat skills/security/authorization.md

Next Steps: Run cat skills/security/INDEX.md to see full category details, or load specific skills using the bash commands above.