🛡️ senior-security

๋‚ฎ์€ ์œ„ํ—˜ โš™๏ธ ์™ธ๋ถ€ ๋ช…๋ น์–ด๐Ÿ“ ํŒŒ์ผ ์‹œ์Šคํ…œ ์•ก์„ธ์Šค

Senior Security Engineering Toolkit

Also available from: davila7

This skill provides comprehensive security engineering capabilities for application security, threat modeling, and compliance auditing. It helps security professionals design secure architectures, implement proper cryptography, and automate security assessments across multiple technology stacks.

์ง€์›: Claude Codex Code(CC)
๐Ÿฅ‰ 76 ๋ธŒ๋ก ์ฆˆ
1. Download the skill ZIP
2. Upload it in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Turn on the toggle and start using it

Try it out

Using "senior-security": Analyze my React application for security vulnerabilities

Expected result:

Security Audit Results:
- Critical: Potential XSS in user input rendering (Component.js:45)
- High: Missing authentication on API endpoints (routes.js:12)
- Medium: Insecure CORS configuration allowing all origins
Recommendations:
1. Sanitize all user inputs before rendering
2. Implement JWT-based authentication for API routes
3. Restrict CORS to specific allowed origins
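As an added example (not output of the skill and not code from its repository), here is what fixing the XSS and CORS findings above looks like in a Node/Express-style service: an HTML escaper for any user input that reaches dangerouslySetInnerHTML or a server-rendered template, and an exact-match Origin allowlist. The origins in ALLOWED_ORIGINS, the function names and the req.headers/res.set middleware shape are assumptions made for illustration.

```javascript
// Added example, not the senior-security skill's own code. Node stdlib only.
// Addresses the XSS finding (escape before rendering) and the CORS finding
// (exact-match allowlist instead of reflecting any origin).

// --- XSS finding ---
// React escapes text children itself, but anything handed to
// dangerouslySetInnerHTML or spliced into a server-rendered template must be
// escaped first. Map the five HTML-significant characters to entities.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// --- CORS finding ---
// Assumed allowlist. Compare with exact string equality: prefix or regex
// matching lets https://app.example.com.evil.net through, and reflecting
// whatever Origin arrives while also sending Allow-Credentials: true hands
// every site on the web the user's cookies.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',  // assumed production front-end
  'http://localhost:3000',    // assumed local development
]);

// Returns the CORS response headers for a given Origin header value, or an
// empty object when the origin is absent (same-origin / non-browser client)
// or not on the list. No headers means the browser blocks the cross-origin read.
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    // Caches must key on Origin, or one origin's response is served to another.
    'Vary': 'Origin',
  };
}

// Express-style middleware (assumed shape: req.headers, res.set, next).
function corsMiddleware(req, res, next) {
  const headers = corsHeadersFor(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) res.set(name, value);
  next();
}

// Stand-alone demonstration with constructed input.
console.log(escapeHtml('<img src=x onerror="alert(1)">'));
console.log(corsHeadersFor('https://app.example.com'));
console.log(corsHeadersFor('https://app.example.com.evil.net'));
```

corsHeadersFor deliberately returns nothing rather than a wildcard for an unknown origin: a literal `*` is at least refused by browsers for credentialed requests, whereas a reflected origin is accepted, which is the bug behind the "allowing all origins" finding.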

Using "senior-security": Design authentication for my mobile banking app

Expected result:

Authentication Architecture:
1. OAuth 2.0 with PKCE flow for mobile clients
2. JWT access tokens (15 min expiry) with refresh tokens (7 days)
3. Secure token storage using iOS Keychain and Android Keystore
4. Biometric authentication (Face ID, Touch ID) for app unlock
5. Certificate pinning for API communications

Using "senior-security": Create a threat model for my payment processing service

Expected result:

Threat Model Summary:
Assets: Payment card data, customer PII, transaction records
Threat Actors: External attackers, malicious insiders
Attack Vectors: API injection, man-in-the-middle, credential theft
Security Controls: TLS 1.3, tokenization, MFA, SIEM logging

Security audit

Low risk
v3 • 1/16/2026

After manual evaluation, all 115 static findings are FALSE POSITIVES. The static scanner detected markdown code block syntax (```) as shell backticks, security terminology in educational documentation as exploits, and standard Python file I/O for report generation. The skill contains skeleton scripts and reference documentation for defensive security practices only. No malicious code, actual exploits, or harmful functionality exists.

Files scanned: 9
Lines analyzed: 2,131
Findings: 2
Total audits: 3

Quality score

Architecture: 68
Maintainability: 100
Content: 87
Community: 24
Security: 90
Spec compliance: 91

What you can build

Application Security Assessment

Conduct comprehensive security audits of web applications, APIs, and mobile apps to identify and remediate vulnerabilities.

Threat Modeling for Projects

Create automated threat models for new software projects by identifying assets, threats, and security controls.

Secure Architecture Design

Design secure system architectures following zero-trust principles, defense in depth, and least privilege patterns.

Try these prompts

Security Audit
Use the security auditor to analyze the codebase at [path]. Run the analysis and provide a detailed report of critical and high-severity security findings with remediation recommendations.
Create Threat Model
Create a threat model for [project name]. Identify assets, threat actors, attack vectors, and recommend appropriate security controls following STRIDE methodology.
Design Security Architecture
Design a secure architecture for [system description] following the security architecture patterns reference. Include authentication, authorization, input validation, and audit logging.
Implement Cryptography
Implement secure encryption for [data type] using industry-standard algorithms. Use AES-256-GCM for symmetric encryption and RSA-2048 or higher for asymmetric encryption with proper key management.

Best practices

  • Validate and sanitize all user inputs to prevent injection attacks like SQL injection and XSS
  • Use parameterized queries or ORM frameworks for all database operations
  • Store passwords using strong hashing algorithms like bcrypt or Argon2 with unique salts
  • Implement HTTPS/TLS for all network communications and use certificate pinning in mobile apps
  • Follow the principle of least privilege for user permissions and service account access

Avoid

  • Hardcoding credentials, API keys, or secrets directly in source code
  • Using weak or deprecated cryptographic algorithms like MD5, SHA1, or DES
  • Trusting user input without validation or sanitization
  • Implementing custom cryptography instead of using established libraries

์ž์ฃผ ๋ฌป๋Š” ์งˆ๋ฌธ

How do I run a security audit on my codebase?
Run 'python scripts/security_auditor.py <target-path> --verbose' to analyze the target directory. The script performs analysis and generates a report with security findings.
What permissions are needed for penetration testing?
You must have explicit written authorization before conducting any penetration tests. Use this skill only on systems you own or have proper legal scope to test.
Which cryptographic algorithms should I use?
Use AES-256-GCM for symmetric encryption, RSA-2048 or higher for asymmetric encryption, SHA-256 for hashing, and bcrypt for password storage.
How do I create a threat model?
Run 'python scripts/threat_modeler.py <project-path>' to generate a threat model. The tool identifies assets, threats, and recommends security controls.
What programming languages are supported?
This skill supports TypeScript, JavaScript, Python, Go, Swift, and Kotlin. It covers frameworks like React, Node.js, Express, and databases like PostgreSQL.
How often should security audits be performed?
Run automated audits on every code commit or pull request. Conduct comprehensive manual audits quarterly and after major feature additions.

Developer details

Author: alirezarezvani
License: MIT
Ref: main

File structure