Skill

security-architecture

Security architecture: JWT rotation, OAuth2/OIDC, encryption, OWASP top 10, zero-trust patterns, mTLS, RLS multi-tenancy. Use when designing auth or security.

Install

npx claudepluginhub rnavarych/alpha-engineer --plugin billy-milligan

Tool Access

This skill is limited to using the following tools:

ReadGrepGlob

Preview

- Designing authentication/authorization for a new service

Supporting Assets

assets/security-review-template.mdreferences/auth-patterns.mdreferences/encryption-reference.mdreferences/owasp-extended.mdreferences/owasp-top-10.mdreferences/zero-trust-patterns.md

SKILL.md

Similar Skills

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

everything-claude-code

156.2k

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

156.2k

agent-introspection-debugging

Implements structured self-debugging workflow for AI agent failures: capture errors, diagnose patterns like loops or context overflow, apply contained recoveries, and generate introspection reports.

everything-claude-code

156.2k

Stats

Parent Repo Stars9

Parent Repo Forks0

Last CommitFeb 23, 2026

Actions

View Source View Plugin View on GitHub View README

Core principles

Defense in depth — no single security layer; combine auth + encryption + validation + monitoring

Principle of least privilege — request only permissions actually needed

Secrets never in code — environment variables, vault, KMS — no exceptions

Validate all external input — every boundary is a trust boundary

Security is a feature — design it in, don't bolt it on

References available

references/auth-patterns.md — JWT rotation, sessions, OAuth2/OIDC, API keys, mTLS decision tree

references/encryption-reference.md — at-rest, in-transit, field-level, KMS/Vault key management

references/owasp-top-10.md — A01–A05: broken access control, crypto failures, injection, insecure design, misconfiguration

references/owasp-extended.md — A06–A10: vulnerable components, auth failures, integrity, security logging, SSRF

references/zero-trust-patterns.md — service mesh, mTLS, SPIFFE/SPIRE, network policies

Security Architecture

When to use

Designing authentication/authorization for a new service
Implementing encryption (at-rest, in-transit, field-level)
Reviewing security posture against OWASP or zero-trust principles

Core principles

Defense in depth — no single security layer; combine auth + encryption + validation + monitoring
Principle of least privilege — request only permissions actually needed
Secrets never in code — environment variables, vault, KMS — no exceptions
Validate all external input — every boundary is a trust boundary
Security is a feature — design it in, don't bolt it on

References available

references/auth-patterns.md — JWT rotation, sessions, OAuth2/OIDC, API keys, mTLS decision tree
references/encryption-reference.md — at-rest, in-transit, field-level, KMS/Vault key management
references/owasp-top-10.md — A01–A05: broken access control, crypto failures, injection, insecure design, misconfiguration
references/owasp-extended.md — A06–A10: vulnerable components, auth failures, integrity, security logging, SSRF
references/zero-trust-patterns.md — service mesh, mTLS, SPIFFE/SPIRE, network policies

Assets available

assets/security-review-template.md — threat model template: assets, threats, mitigations