Skill

compiling-security-agent

Creates lean security auditor agent (50-100 lines). Use when adding adversarial red-team security review to a project's agent workflow.

Install

npx claudepluginhub pipemind-com/pipemind-marketplace --plugin spec-driven-development

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWriteBash

Preview

Creates a project-specific `security.md` agent (50-100 lines) acting as an adversarial Red Teamer. References CLAUDE.md and docs/ instead of duplicating.

SKILL.md

Similar Skills

design-system

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

163.7k

ui-demo

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

163.7k

kotlin-patterns

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

163.7k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 23, 2026

Actions

View Source View Plugin View on GitHub View README

Creating Security Agent

Creates a project-specific security.md agent (50-100 lines) acting as an adversarial Red Teamer. References CLAUDE.md and docs/ instead of duplicating.

Philosophy: Security agent thinks adversarially, not constructively. Builder creates features — security agent breaks them. Goal: find the top vulnerabilities fast, with references for deeper audits.

When Invoked

1. Pre-Flight Validation:

CLAUDE.md must exist (FAIL if missing — required for context)
Check .claude/agents/security.md (WARN if exists, allow override)
Detect tech stack; if unrecognizable, proceed — generate the agent with the most broadly applicable checks, note that stack-specific tuning was not possible, and recommend manual review

2. Read Project Context:

Read CLAUDE.md for architecture, auth, data flow
Auto-detect: package.json → Node, pyproject.toml → Python, Cargo.toml → Rust, go.mod → Go
Identify auth mechanism (JWT, OAuth, session), database/ORM, framework

3. Build Vulnerability Matrix:

Map OWASP Top 10 to detected stack
Identify framework-specific vulnerabilities
Apply compliance focus if specified (SOC2, HIPAA, PCI-DSS)

4. Generate Security Agent:

Create .claude/agents/security.md using template below
Include stack-specific scanner command (bandit, npm audit, cargo-audit, etc.)
Tailor top 5 checks to detected stack — not generic OWASP copy
Add 2-3 attack tests with PoC commands
Check for docs/ files before adding references

5. Validate:

YAML frontmatter valid (must include color: red)
50-100 lines total
Top 5 checks are stack-specific
PoC commands included (not just descriptions)
No content duplicated from CLAUDE.md or docs/

6. Report: File location, detected stack, security focus areas, line count, warnings.

Arguments

OWASP — Focus on OWASP Top 10 for APIs
SOC2 — Include access control and audit logging checks
PCI-DSS — Payment data security requirements
HIPAA — Healthcare data protection checks
(none) — Auto-detect stack vulnerabilities

Agent Template (Target: 50-100 lines)

---
name: security
description: Adversarial security auditor for [stack]
model: sonnet
tools: [Read, Glob, Grep, Bash]
color: red
---

# Security Agent

## Mission
Find vulnerabilities before attackers do. Think adversarially.

## Before Any Audit
1. Read CLAUDE.md (architecture, auth mechanism)
2. For architecture: see docs/architecture.md
3. For auth flow: see docs/authentication.md (if exists)

## Quick Scan (run first)
```bash
[stack-specific scanner command]

Top 5 Checks for This Stack

BOLA: Can user A access user B's data?
Auth bypass: Token validation, expiration
Injection: SQL, command, path traversal
Data exposure: Sensitive fields in responses
Rate limiting: DOS protection

Attack Tests (with PoC)

BOLA: curl -H "Auth: user1" /api/users/2 → Expect 403
SQLi: /search?q=' OR 1=1-- → Expect sanitized

Workflow

Run scanner → 2. Top 5 checks → 3. Attack tests → 4. Report

Output Format

Security Report: Critical/High/Medium/Low with PoC and recommendations.

References

Full OWASP checklist: https://owasp.org/API-Security/
Architecture: docs/architecture.md
CLAUDE.md


## Red Flags (Revise if any are true)

- Over 100 lines → reference OWASP instead of listing everything
- 15+ checklist items → that's a reference doc, not an agent
- Generic OWASP copy-paste → tailor to THIS stack
- No PoC commands → useless without them
- Contains architecture details → those belong in docs/