ajshedivy/security
skills/security/SKILL.md
Assess IBM i security posture including user privileges, object authorities, vulnerability detection, and function usage via SQL services. Use when user asks about: (1) user profiles with special authorities or limited capabilities, (2) object privileges and *PUBLIC authority exposure, (3) files vulnerable to trigger, rename, or library list attacks, (4) user impersonation vulnerabilities, (5) group profile membership, (6) function usage and access control, (7) security audit and compliance, or (8) replacing WRKOBJAUT, DSPUSRPRF, DSPAUTL commands.
$ install --global
skillsauthnpx skillsauth add ajshedivy/ibmi-agent-skills securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 5:36 AM54.3s4 files scanned
SKILL.md
- name:
- security
- description:
- Assess IBM i security posture including user privileges, object authorities, vulnerability detection, and function usage via SQL services. Use when user asks about: (1) user profiles with special authorities or limited capabilities, (2) object privileges and *PUBLIC authority exposure, (3) files vulnerable to trigger, rename, or library list attacks, (4) user impersonation vulnerabilities, (5) group profile membership, (6) function usage and access control, (7) security audit and compliance, or (8) replacing WRKOBJAUT, DSPUSRPRF, DSPAUTL commands.
IBM i Security & Vulnerability Assessment
Assess security posture including user privileges, object authorities, vulnerability detection, and function usage using SQL services from QSYS2 and SYSTOOLS.
Available Tools
The ibmi CLI is the primary tool for executing security queries. Set SKILL_DIR to this skill's installed location (the directory containing this SKILL.md file):
# SKILL_DIR = directory containing this SKILL.md
# Examples: ./skills/security, ~/.claude/skills/security
ibmi tools --tools "$SKILL_DIR/tools/" --toolset security_default
ibmi tool list_users_with_special_authorities --tools "$SKILL_DIR/tools/"
ibmi sql "SELECT AUTHORIZATION_NAME, SPECIAL_AUTHORITIES FROM QSYS2.USER_INFO_BASIC WHERE SPECIAL_AUTHORITIES IS NOT NULL"
Service Selection Guide
User Profiles & Authorities
- QSYS2.USER_INFO_BASIC -- User profiles with status, authorities, password settings
- SYSTOOLS.SPECIAL_AUTHORITY_DATA_MART -- Users with special authorities (*ALLOBJ, *SAVSYS, etc.)
- QSYS2.GROUP_PROFILE_ENTRIES -- Group profile membership
- QSYS2.COMMAND_INFO -- Commands allowed for limited-capability users
Object & File Privileges
- QSYS2.OBJECT_PRIVILEGES -- Object-level authority details for any object type
- QSYS2.LIBRARY_LIST_INFO -- Library list entries for library list attack assessment
Function Access
- QSYS2.FUNCTION_USAGE -- Function-level access control settings
Key Capabilities
User Security Analysis
- Limited Capability Users -- Find users with restricted command access
- Special Authorities -- Identify users with *ALLOBJ, *SAVSYS, *SECADM, etc.
- Group Membership -- Review who belongs to which group profiles
- Function Access -- Check who can use specific system functions
Vulnerability Assessment
- Impersonation Risk -- Profiles where *PUBLIC is not *EXCLUDE
- Attack Vector Commands -- *PUBLIC authority on dangerous commands (ADDPFTRG, CRTPGM, etc.)
- File Exposure -- Database files readable/writable by *PUBLIC
- Trigger Attacks -- Files where *PUBLIC has read plus alter/manage authority
- Library List Poisoning -- System libraries where *PUBLIC can create tables
Common Use Cases
- Security audit -- Review user authorities and object exposure
- Vulnerability scan -- Find files, profiles, and commands at risk
- Privilege review -- List users with elevated special authorities
- Group analysis -- Understand group profile membership and inherited rights
- Compliance check -- Verify *PUBLIC authority is properly restricted
- Attack surface mapping -- Identify library list and trigger attack vectors
- Function access review -- Check who can access specific system functions
Quick Examples
Users with *ALLOBJ authority
ibmi tool list_users_with_special_authorities --tools "$SKILL_DIR/tools/" --authority-filter '*ALLOBJ'
Profiles vulnerable to impersonation
ibmi tool list_profiles_vulnerable_to_impersonation --tools "$SKILL_DIR/tools/"
Files exposed to trigger attack
ibmi tool list_files_exposed_to_trigger_attack --tools "$SKILL_DIR/tools/"
Group profile members
ibmi tool list_group_profile_members --tools "$SKILL_DIR/tools/" --group-filter QSECOFR
Pre-built Tools
The tools/security.yaml file provides 12 ready-to-use tools:
| Tool | Description |
|------|-------------|
| list_users_with_limited_capabilities | Users configured with limited capabilities |
| list_commands_for_limited_users | Commands executable by limited-capability users |
| list_users_with_special_authorities | Users with special authorities from data mart |
| list_profiles_vulnerable_to_impersonation | Profiles where *PUBLIC is not *EXCLUDE |
| list_public_authority_on_attack_commands | *PUBLIC authority on dangerous commands |
| list_db_files_readable_by_public | Database files readable by any user |
| list_files_exposed_to_trigger_attack | Files vulnerable to trigger-based attacks |
| list_system_libs_allowing_table_creation | System libraries open to table creation |
| list_group_profile_members | Group profile membership entries |
| list_function_usage | Function-level access control settings |
| list_authorization_lists | Authorization lists and their secured objects |
| list_authorization_list_users | Users and their authorities on authorization lists |
ibmi tool <tool_name> --tools "$SKILL_DIR/tools/" # Execute
ibmi tool <tool_name> --tools "$SKILL_DIR/tools/" --dry-run # Preview SQL
ibmi tools show <tool_name> --tools "$SKILL_DIR/tools/" # View details
Reference Documentation
- Security Services Catalog -- Available SQL services
- Example SQL Patterns -- Working query examples
- IBM OBJECT_PRIVILEGES -- View documentation
- IBM USER_INFO_BASIC -- View documentation
Related Skills
ajshedivy/work-management
tools
VerifiedTrustedCommunity
Query, monitor, and analyze jobs on IBM i using SQL table functions via the ibmi CLI. Use when user asks about: (1) finding jobs by status, user, subsystem, or type, (2) monitoring active job performance (CPU, I/O, memory), (3) detecting long-running SQL statements, (4) analyzing lock contention, (5) checking job queues, (6) scheduled jobs, (7) job logs, (8) replacing WRKACTJOB, WRKUSRJOB, WRKSBSJOB, WRKSBMJOB commands, or (9) any IBM i work management task.
2SKILL.mdUpdated Apr 2, 2026
ajshedivy/system-health
testing
VerifiedTrustedCommunity
Monitor IBM i system health including CPU, memory, disk, ASPs, system limits, and network status via SQL services. Use when user asks about: (1) CPU utilization or system status, (2) memory pool sizes or page faults, (3) disk capacity or ASP usage, (4) system limits approaching thresholds, (5) TCP/IP connections and network status, (6) system activity overview, (7) replacing WRKSYSSTS, WRKDSKSTS, WRKTCPSTS commands, or (8) any system health monitoring task.
2SKILL.mdUpdated Apr 2, 2026
ajshedivy/storage
development
VerifiedTrustedCommunity
Monitor and analyze IBM i storage resources including ASPs, disk units, temporary storage, user storage consumption, and NVMe devices via SQL services. Use when user asks about: (1) ASP capacity, usage, or health, (2) disk unit status or I/O performance, (3) temporary storage consumption by jobs, (4) storage used per user profile, (5) NVMe device health, (6) IASP vary operations, or (7) replacing WRKDSKSTS, WRKSYSSTS storage info, or WRKSTG commands.
2SKILL.mdUpdated Apr 2, 2026
ajshedivy/spool
testing
VerifiedTrustedCommunity
Manage and analyze spooled files, output queues, and printer configurations on IBM i via SQL services. Use when user asks about: (1) listing or searching output queues, (2) viewing spooled file entries by queue, user, or status, (3) reading spool file content, (4) identifying top spool consumers or old spool files, (5) printer file definitions, (6) spool storage analysis, (7) replacing WRKSPLF, WRKOUTQ, WRKOBJLCK commands, or (8) any spool file management task.
2SKILL.mdUpdated Apr 2, 2026