Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
Automatically provides comprehensive security skills for authentication, authorization, input validation, and vulnerability assessment. Activates when working with security headers, OWASP topics, secrets management, or application security hardening tasks.
/plugin marketplace add rand/cc-polymath/plugin install cc-polymath@cc-polymath-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.
This skill auto-activates when you're working with:
The Security category contains 6 specialized skills:
For complete descriptions and workflows:
cat ~/.claude/skills/security/INDEX.md
This loads the full Security category index with:
Load individual skills as needed:
# Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md
# Input security
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md
# Security operations
cat ~/.claude/skills/security/vulnerability-assessment.md
cat ~/.claude/skills/security/secrets-management.md
Sequence: Authentication → Authorization → Input validation → Security headers
cat ~/.claude/skills/security/authentication.md # User login
cat ~/.claude/skills/security/authorization.md # Access control
cat ~/.claude/skills/security/input-validation.md # XSS/SQL injection prevention
cat ~/.claude/skills/security/security-headers.md # Browser protection
Sequence: Vulnerability assessment → Input validation → Headers → Secrets
cat ~/.claude/skills/security/vulnerability-assessment.md # OWASP Top 10 testing
cat ~/.claude/skills/security/input-validation.md # Injection testing
cat ~/.claude/skills/security/security-headers.md # Header configuration
cat ~/.claude/skills/security/secrets-management.md # Credential security
Sequence: Authentication → Authorization → Input validation → Secrets
cat ~/.claude/skills/security/authentication.md # JWT/OAuth2
cat ~/.claude/skills/security/authorization.md # API access control
cat ~/.claude/skills/security/input-validation.md # Request validation
cat ~/.claude/skills/security/secrets-management.md # API key management
Sequence: Vulnerability assessment → Secrets → Input validation
cat ~/.claude/skills/security/vulnerability-assessment.md # Security scanning
cat ~/.claude/skills/security/secrets-management.md # CI/CD secrets
cat ~/.claude/skills/security/input-validation.md # SAST validation
Full security implementation from scratch:
# 1. Identity and access
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md
# 2. Input protection
cat ~/.claude/skills/security/input-validation.md
cat ~/.claude/skills/security/security-headers.md
# 3. Operations
cat ~/.claude/skills/security/secrets-management.md
cat ~/.claude/skills/security/vulnerability-assessment.md
Choose Authentication when:
Choose Authorization when:
Choose Input Validation when:
Choose Security Headers when:
Choose Vulnerability Assessment when:
Choose Secrets Management when:
Security skills commonly combine with:
API skills (discover-api):
Database skills (discover-database):
Frontend skills (discover-frontend):
Infrastructure skills (discover-infrastructure, discover-cloud):
Testing skills (discover-testing):
cat ~/.claude/skills/security/INDEX.md for full category overviewThis gateway skill (~200 lines, ~2K tokens) enables progressive loading:
Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.
"Implement user authentication":
cat ~/.claude/skills/security/authentication.md
"Add role-based access control":
cat ~/.claude/skills/security/authorization.md
"Prevent SQL injection":
cat ~/.claude/skills/security/input-validation.md
"Configure Content Security Policy":
cat ~/.claude/skills/security/security-headers.md
"Test for OWASP vulnerabilities":
cat ~/.claude/skills/security/vulnerability-assessment.md
"Integrate HashiCorp Vault":
cat ~/.claude/skills/security/secrets-management.md
"Secure API with JWT":
cat ~/.claude/skills/security/authentication.md
cat ~/.claude/skills/security/authorization.md
Next Steps: Run cat ~/.claude/skills/security/INDEX.md to see full category details, or load specific skills using the bash commands above.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.