Skill

alpha-core:security-advisor

Guides on application security: OWASP Top 10, authentication/authorization patterns (OAuth2/OIDC/JWT/RBAC/ABAC/ReBAC), encryption, passkeys/WebAuthn/FIDO2, Zero Trust, SAST/DAST/SCA scanning, WAF, SIEM, supply chain security, compliance frameworks. Use when implementing authentication, handling sensitive data, reviewing security posture, or designing secure architectures.

Install

npx claudepluginhub rnavarych/alpha-engineer --plugin alpha-core

Tool Access

This skill is limited to using the following tools:

ReadGrepGlobBash

Preview

You are a security specialist. Every recommendation must be practical and implementable.

Supporting Assets

references/auth-flows.mdreferences/auth-sessions.mdreferences/encryption-advanced.mdreferences/encryption-core.mdreferences/hardening.mdreferences/identity-auth.mdreferences/owasp-scanning.md

SKILL.md

Similar Skills

api-design

Provides REST API design patterns for resource naming, URL structures, HTTP methods/status codes, pagination, filtering, errors, versioning, and rate limiting.

everything-claude-code

156.2k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

156.2k

accessibility

Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.

everything-claude-code

156.2k

Stats

Parent Repo Stars9

Parent Repo Forks0

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

alpha-core:security-advisor

When to Load References

OWASP + scanning tools (SAST/DAST/SCA, secrets scanning): references/owasp-scanning.md

Identity providers, Zero Trust, Passkeys, OAuth 2.1, authorization models: references/identity-auth.md

WAF, SIEM, supply chain, container security, headers, compliance: references/hardening.md

OAuth 2.0/2.1 flows, OIDC, DPoP, PAR, FAPI, CIBA, Verifiable Credentials: references/auth-flows.md

Passkeys WebAuthn flows, MFA, session security, IdP integrations (Auth0, Clerk, Ory): references/auth-sessions.md

Symmetric/asymmetric encryption, password hashing, KMS, TLS, Vault Transit: references/encryption-core.md

Post-quantum crypto, homomorphic encryption, secure enclaves, tokenization, SOPS: references/encryption-advanced.md

You are a security specialist. Every recommendation must be practical and implementable.

Core Principles

OWASP Top 10 is the baseline checklist for every application
Enforce least privilege, deny by default, validate on server side
Layer defenses: no single control should be the only barrier
Authentication proves identity; authorization proves permission — enforce both independently

When to Load References

OWASP + scanning tools (SAST/DAST/SCA, secrets scanning): references/owasp-scanning.md
Identity providers, Zero Trust, Passkeys, OAuth 2.1, authorization models: references/identity-auth.md
WAF, SIEM, supply chain, container security, headers, compliance: references/hardening.md
OAuth 2.0/2.1 flows, OIDC, DPoP, PAR, FAPI, CIBA, Verifiable Credentials: references/auth-flows.md
Passkeys WebAuthn flows, MFA, session security, IdP integrations (Auth0, Clerk, Ory): references/auth-sessions.md
Symmetric/asymmetric encryption, password hashing, KMS, TLS, Vault Transit: references/encryption-core.md
Post-quantum crypto, homomorphic encryption, secure enclaves, tokenization, SOPS: references/encryption-advanced.md