discover-security

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "discover-security" with this command: npx skills add rand/cc-polymath/rand-cc-polymath-discover-security

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

  • Authentication and authorization systems
  • Input validation and sanitization
  • Security headers (CSP, HSTS, CORS)
  • Vulnerability scanning and penetration testing
  • OWASP Top 10 vulnerabilities
  • Secrets management (Vault, AWS Secrets Manager)
  • SQL injection, XSS, or other attack prevention
  • Security hardening and compliance
  • Password hashing and credential management
  • API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

  1. authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
  2. authorization - Access control (RBAC, ABAC, policy engines, permissions)
  3. input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
  4. security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
  5. vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
  6. secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

Read ../security/INDEX.md

This loads the full Security category index with:

  • Detailed skill descriptions
  • Usage triggers for each skill
  • Common workflow combinations
  • Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

Identity and access

Read ../security/authentication.md Read ../security/authorization.md

Input security

Read ../security/input-validation.md Read ../security/security-headers.md

Security operations

Read ../security/vulnerability-assessment.md Read ../security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

Read ../security/authentication.md # User login Read ../security/authorization.md # Access control Read ../security/input-validation.md # XSS/SQL injection prevention Read ../security/security-headers.md # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

Read ../security/vulnerability-assessment.md # OWASP Top 10 testing Read ../security/input-validation.md # Injection testing Read ../security/security-headers.md # Header configuration Read ../security/secrets-management.md # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

Read ../security/authentication.md # JWT/OAuth2 Read ../security/authorization.md # API access control Read ../security/input-validation.md # Request validation Read ../security/secrets-management.md # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

Read ../security/vulnerability-assessment.md # Security scanning Read ../security/secrets-management.md # CI/CD secrets Read ../security/input-validation.md # SAST validation

Secure New Application

Full security implementation from scratch:

1. Identity and access

Read ../security/authentication.md Read ../security/authorization.md

2. Input protection

Read ../security/input-validation.md Read ../security/security-headers.md

3. Operations

Read ../security/secrets-management.md Read ../security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

  • Implementing user login systems
  • Working with JWT, OAuth2, or sessions
  • Adding multi-factor authentication
  • Managing passwords and credentials

Choose Authorization when:

  • Implementing access control
  • Building role-based permissions (RBAC)
  • Working with policy engines (OPA, Casbin)
  • Preventing privilege escalation

Choose Input Validation when:

  • Processing user input
  • Preventing SQL injection
  • Protecting against XSS attacks
  • Validating file uploads
  • Preventing command injection

Choose Security Headers when:

  • Configuring Content Security Policy (CSP)
  • Implementing HTTPS enforcement (HSTS)
  • Setting up CORS for APIs
  • Preventing clickjacking
  • Hardening web applications

Choose Vulnerability Assessment when:

  • Testing for OWASP Top 10
  • Running security scans (SAST/DAST)
  • Performing penetration tests
  • Auditing application security
  • Setting up security CI/CD

Choose Secrets Management when:

  • Storing API keys or credentials
  • Integrating with HashiCorp Vault
  • Using AWS Secrets Manager or GCP Secret Manager
  • Rotating encryption keys
  • Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

  • API authentication and authorization
  • API input validation
  • API rate limiting (abuse prevention)
  • Securing REST and GraphQL endpoints

Database skills (discover-database):

  • SQL injection prevention
  • Database connection security
  • Credential management
  • Row-level security

Frontend skills (discover-frontend):

  • XSS prevention in React/Vue
  • Content Security Policy
  • Secure cookie handling
  • Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

  • Secrets management in deployments
  • Network security
  • Container security scanning
  • TLS/SSL configuration

Testing skills (discover-testing):

  • Security integration tests
  • Penetration testing
  • Automated security scans
  • Vulnerability regression tests

Usage Instructions

  1. Auto-activation: This skill loads automatically when Claude Code detects security-related work
  2. Browse skills: Run Read ../security/INDEX.md for full category overview
  3. Load specific skills: Use bash commands above to load individual skills
  4. Follow workflows: Use recommended sequences for common security patterns
  5. Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

  • Level 1: Gateway loads automatically (you're here now)
  • Level 2: Load category INDEX.md (~3K tokens) for full overview
  • Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication": Read ../security/authentication.md

"Add role-based access control": Read ../security/authorization.md

"Prevent SQL injection": Read ../security/input-validation.md

"Configure Content Security Policy": Read ../security/security-headers.md

"Test for OWASP vulnerabilities": Read ../security/vulnerability-assessment.md

"Integrate HashiCorp Vault": Read ../security/secrets-management.md

"Secure API with JWT": Read ../security/authentication.md Read ../security/authorization.md

Next Steps: Run Read ../security/INDEX.md to see full category details, or load specific skills using the bash commands above.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

anti-slop

No summary provided by upstream source.

Repository SourceNeeds Review
-118
rand
General

elegant-design

No summary provided by upstream source.

Repository SourceNeeds Review
-70
rand
General

discover-frontend

No summary provided by upstream source.

Repository SourceNeeds Review
-47
rand