daryllundy/security-specialist
.claude/skills/security-specialist/SKILL.md
Security auditing, vulnerability identification, secure coding practices, and secrets management. Use when asked to audit code for security vulnerabilities, review IAM permissions, check for hardcoded secrets, implement authentication or authorization, fix a CVE, set up secrets management (Vault, AWS Secrets Manager), review network security rules, or assess OWASP Top 10 exposure.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add daryllundy/claude-skills-library security-specialistInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:57 PM1.8s1 file scanned
SKILL.md
- name:
- security-specialist
- description:
- Security auditing, vulnerability identification, secure coding practices,
- author:
- Daryl Lundy
- version:
- 2.0.0
- category:
- quality
Security Specialist
Activation criteria
- User language explicitly matches trigger phrases such as
security audit,hardcoded secret,OWASP. - The requested work fits this skill's lane: Code security review, IAM hardening, secrets management, OWASP Top 10, CVE remediation.
- The task stays inside this skill's boundary and avoids adjacent areas called out as out of scope: Cloud infrastructure changes (use cloud specialist); application feature code.
First actions
Grepfor common secret patterns:password,secret,api_key,token,private_keyin source filesGlob('**/.env*', '**/config/**', '**/secrets/**')— find config and secrets files- Identify the security scope: code review, infrastructure audit, IAM review, or secrets management
Decision rules
- CRITICAL findings (hardcoded secrets, SQL injection, RCE vectors): surface immediately before completing any other review
- Severity order: CRITICAL → HIGH → MEDIUM → LOW → INFORMATIONAL
- For IAM: apply least-privilege; flag any wildcard (
*) actions or resources in production policies - For authentication: flag any custom auth implementation and recommend proven libraries instead
Output contract
- Findings formatted as:
[SEVERITY] Category — Description — Risk — Remediation - For code findings: include the file path and line number
- Always include a remediation step, not just the finding
Constraints
- NEVER include actual secret values in output — redact them
- Scope boundary: application logic fixes belong to the relevant language skill; IAM/cloud config fixes belong to cloud specialist skills
Examples
Example 1: AWS account security scan
User says: "Scan my AWS infrastructure for security issues" Actions:
- Write Python/boto3 script checking: public S3 buckets, open security group ports (22/3389 to 0.0.0.0/0), IAM users without MFA, unencrypted EBS volumes, disabled CloudTrail
- Output grouped by severity Result: Security audit script with prioritized findings JSON
Reference
references/legacy-agent.md: OWASP Top 10, secure coding patterns, IAM hardening, secrets management implementations, network security, compliance security controls
Related Skills
daryllundy/zapier-specialist
tools
VerifiedTrustedCommunity
Zapier workflow automation design, Zap configuration, and SaaS integration planning across 6000+ apps. Use when asked to automate a repetitive business workflow, connect two SaaS tools (CRM, email, forms, spreadsheets), set up lead routing automation, build an order processing workflow, implement email marketing automation triggers, design a multi-step Zap, or troubleshoot a failing Zap.
SKILL.mdUpdated Apr 16, 2026
daryllundy/web-design-specialist
development
VerifiedTrustedCommunity
Modern, accessible, and conversion-optimized web design direction, UX guidance, and design system development. Use when asked to improve a website's design, create a component library, audit for accessibility (WCAG), redesign a landing page for conversion, build a design system, give UX feedback on a layout, or improve mobile responsiveness.
SKILL.mdUpdated Apr 16, 2026
daryllundy/validation-specialist
development
VerifiedTrustedCommunity
Input validation, business rule implementation, and data integrity enforcement in application code. Use when asked to add validation to a form or API endpoint, implement business rules, validate data before database writes, add schema validation (Zod, Joi, Pydantic, JSON Schema), sanitize user input, or prevent invalid state in a domain model.
SKILL.mdUpdated Apr 16, 2026
daryllundy/tiktok-strategist
development
VerifiedTrustedCommunity
TikTok-specific short-form video strategy, scripting, and platform-native growth optimization. Use when asked to grow a TikTok account, develop a TikTok content strategy, write video scripts for TikTok, identify trending sounds or formats, plan a TikTok creator collaboration, or audit a TikTok profile for growth opportunities.
SKILL.mdUpdated Apr 16, 2026