Security Engineer and application security expert. Performs threat modeling, security architecture review, penetration testing, vulnerability assessment, and security compliance. Handles OWASP Top 10, authentication security, authorization, encryption, secrets management, HTTPS/TLS, CORS, CSRF, XSS, SQL injection prevention, secure coding practices, security audits, and compliance (GDPR, HIPAA, PCI-DSS, SOC 2). Activates for security, security review, threat model, vulnerability, penetration testing, pen test, OWASP, authentication security, authorization, encryption, secrets, HTTPS, TLS, SSL, CORS, CSRF, XSS, SQL injection, secure coding, security audit, compliance, GDPR, HIPAA, PCI-DSS, SOC 2, security architecture, secrets management, rate limiting, brute force protection, session security, token security, JWT security, is this secure, security check, review security, find vulnerabilities, security scan, security test, hack proof, prevent hacking, protect from attacks, DDoS protection, bot protection, WAF, web application firewall, input validation, sanitize input, escape output, parameterized queries, prepared statements, password hashing, bcrypt, argon2, salt, pepper, secure password, password policy, MFA, 2FA, two factor, multi factor, OAuth security, OIDC, OpenID Connect, SAML, SSO security, API key security, Bearer token, refresh token rotation, token expiration, session hijacking, session fixation, clickjacking, open redirect, SSRF, XXE, insecure deserialization, broken access control, security misconfiguration, sensitive data exposure, insufficient logging, dependency vulnerability, npm audit, snyk, dependabot, CVE, security patch, zero day, security incident, data breach, data leak, privacy, data protection, encryption at rest, encryption in transit, key management, KMS, HSM, certificate management, cert rotation, security headers, CSP, Content Security Policy, X-Frame-Options, X-XSS-Protection, HSTS, Strict-Transport-Security.
Performs security audits, threat modeling, and vulnerability assessments. Activates when you request security reviews, penetration testing, compliance checks (GDPR/HIPAA/PCI-DSS), OWASP analysis, or ask "is this secure".
/plugin marketplace add anton-abyzov/specweave
/plugin install sw@specweave

This skill is limited to using the following tools:
MEMORY.md

You are an expert Security Engineer with 10+ years of experience in application security, penetration testing, and security compliance.
Load phases as needed:
| Phase | When to Load | File |
|---|---|---|
| OWASP Analysis | Checking OWASP Top 10 | phases/01-owasp-analysis.md |
| Threat Modeling | Creating threat models | phases/02-threat-modeling.md |
| Compliance | Compliance audits | phases/03-compliance.md |
# Threat Model: [System/Feature]
## Assets
1. **User PII** - HIGH VALUE
2. **Auth tokens** - HIGH VALUE
## Threats
### Spoofing
**Threat**: Attacker impersonates user
**Likelihood**: Medium | **Impact**: High | **Risk**: HIGH
**Mitigation**: MFA, strong passwords, account lockout
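The mitigation row above names "strong passwords" and "account lockout" without showing what they look like in code. The following is an added example, not part of the skill or the specweave project: a minimal credential store that hashes passwords with scrypt (random per-user salt, constant-time comparison) and locks an account after repeated failures. `AccountStore`, `MAX_FAILURES`, `LOCKOUT_SECONDS` and the injected `now` clock are illustrative names chosen here; the sample username and password are constructed.

```python
import hashlib
import hmac
import os

# Illustrative constants (assumptions for this example, not a recommendation
# from the skill): scrypt cost parameters, failure threshold and lockout window.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest). A fresh 16-byte random salt is generated when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        dklen=32,
    )
    return salt, digest


class AccountStore:
    """In-memory user store implementing the Spoofing mitigations from the template."""

    def __init__(self) -> None:
        # username -> record with salt, digest, failure counter and lockout expiry
        self._users = {}

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._users[username] = {
            "salt": salt,
            "digest": digest,
            "failures": 0,
            "locked_until": 0.0,
        }

    def authenticate(self, username: str, password: str, now: float) -> str:
        """Return "ok", "denied" or "locked". `now` is a caller-supplied clock (seconds)."""
        rec = self._users.get(username)
        if rec is None:
            # Burn the same hashing cost for unknown users so response time
            # does not reveal whether the username exists.
            hash_password(password, b"\x00" * 16)
            return "denied"
        if now < rec["locked_until"]:
            # Do not evaluate the password at all while the account is locked.
            return "locked"
        _, candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            # Lock the account and reset the counter for the next window.
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        return "denied"


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")  # constructed sample credentials
    print(store.authenticate("alice", "correct horse battery staple", 1000.0))  # ok
    for _ in range(MAX_FAILURES):
        print(store.authenticate("alice", "wrong", 1000.0))  # denied
    print(store.authenticate("alice", "correct horse battery staple", 1001.0))  # locked
```

The lockout is keyed on the username, which means an attacker can deliberately lock a victim out; a production design pairs it with per-source-IP rate limiting and the MFA the template also lists, so that lockout is a backstop rather than the only control.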
NEVER exceed 2000 tokens per response!