Skill

discover-security

Auto-discovers security skills for authentication, authorization, input validation, security headers, vulnerability assessment, and secrets management in app security and OWASP tasks.

Oauth

JWT

AWS

security

authentication

Install

npx claudepluginhub rand/cc-polymath --plugin cc-polymath

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

SKILL.md

Similar Skills

kotlin-ktor-patterns

Provides Ktor server patterns for routing DSL, plugins (auth, CORS, serialization), Koin DI, WebSockets, services, and testApplication testing.

everything-claude-code

163.2k

deep-research

Conducts multi-source web research with firecrawl and exa MCPs: searches, scrapes pages, synthesizes cited reports. For deep dives, competitive analysis, tech evaluations, or due diligence.

everything-claude-code

163.2k

inventory-demand-planning

Provides demand forecasting, safety stock optimization, replenishment planning, and promotional lift estimation for multi-location retailers managing 300-800 SKUs.

everything-claude-code

163.2k

Stats

Stars75

Forks5

Last CommitFeb 28, 2026

Actions

View Source View Plugin View on GitHub View README

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

Authentication and authorization systems
Input validation and sanitization
Security headers (CSP, HSTS, CORS)
Vulnerability scanning and penetration testing
OWASP Top 10 vulnerabilities
Secrets management (Vault, AWS Secrets Manager)
SQL injection, XSS, or other attack prevention
Security hardening and compliance
Password hashing and credential management
API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
authorization - Access control (RBAC, ABAC, policy engines, permissions)
input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

Read ../security/INDEX.md

This loads the full Security category index with:

Detailed skill descriptions
Usage triggers for each skill
Common workflow combinations
Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

Identity and access

Read ../security/authentication.md Read ../security/authorization.md

Input security

Read ../security/input-validation.md Read ../security/security-headers.md

Security operations

Read ../security/vulnerability-assessment.md Read ../security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

Read ../security/authentication.md # User login Read ../security/authorization.md # Access control Read ../security/input-validation.md # XSS/SQL injection prevention Read ../security/security-headers.md # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

Read ../security/vulnerability-assessment.md # OWASP Top 10 testing Read ../security/input-validation.md # Injection testing Read ../security/security-headers.md # Header configuration Read ../security/secrets-management.md # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

Read ../security/authentication.md # JWT/OAuth2 Read ../security/authorization.md # API access control Read ../security/input-validation.md # Request validation Read ../security/secrets-management.md # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

Read ../security/vulnerability-assessment.md # Security scanning Read ../security/secrets-management.md # CI/CD secrets Read ../security/input-validation.md # SAST validation

Secure New Application

Full security implementation from scratch:

1. Identity and access

Read ../security/authentication.md Read ../security/authorization.md

2. Input protection

Read ../security/input-validation.md Read ../security/security-headers.md

3. Operations

Read ../security/secrets-management.md Read ../security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

Implementing user login systems
Working with JWT, OAuth2, or sessions
Adding multi-factor authentication
Managing passwords and credentials

Choose Authorization when:

Implementing access control
Building role-based permissions (RBAC)
Working with policy engines (OPA, Casbin)
Preventing privilege escalation

Choose Input Validation when:

Processing user input
Preventing SQL injection
Protecting against XSS attacks
Validating file uploads
Preventing command injection

Choose Security Headers when:

Configuring Content Security Policy (CSP)
Implementing HTTPS enforcement (HSTS)
Setting up CORS for APIs
Preventing clickjacking
Hardening web applications

Choose Vulnerability Assessment when:

Testing for OWASP Top 10
Running security scans (SAST/DAST)
Performing penetration tests
Auditing application security
Setting up security CI/CD

Choose Secrets Management when:

Storing API keys or credentials
Integrating with HashiCorp Vault
Using AWS Secrets Manager or GCP Secret Manager
Rotating encryption keys
Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

API authentication and authorization
API input validation
API rate limiting (abuse prevention)
Securing REST and GraphQL endpoints

Database skills (discover-database):

SQL injection prevention
Database connection security
Credential management
Row-level security

Frontend skills (discover-frontend):

XSS prevention in React/Vue
Content Security Policy
Secure cookie handling
Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

Secrets management in deployments
Network security
Container security scanning
TLS/SSL configuration

Testing skills (discover-testing):

Security integration tests
Penetration testing
Automated security scans
Vulnerability regression tests

Usage Instructions

Auto-activation: This skill loads automatically when Claude Code detects security-related work
Browse skills: Run Read ../security/INDEX.md for full category overview
Load specific skills: Use bash commands above to load individual skills
Follow workflows: Use recommended sequences for common security patterns
Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

Level 1: Gateway loads automatically (you're here now)
Level 2: Load category INDEX.md (~3K tokens) for full overview
Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication": Read ../security/authentication.md

"Add role-based access control": Read ../security/authorization.md

"Prevent SQL injection": Read ../security/input-validation.md

"Configure Content Security Policy": Read ../security/security-headers.md

"Test for OWASP vulnerabilities": Read ../security/vulnerability-assessment.md

"Integrate HashiCorp Vault": Read ../security/secrets-management.md

"Secure API with JWT": Read ../security/authentication.md Read ../security/authorization.md

Next Steps: Run Read ../security/INDEX.md to see full category details, or load specific skills using the bash commands above.