skills/ecosystem-security/SKILL.md
Three-layer security ecosystem for Agent Platforms covering pre-deployment skill auditing, real-time message protection (adaptive-guard), and continuous adaptive defense. Coordinates security-auditor and adaptive-guard. Trigger on 'security ecosystem', 'agent security', 'skill protection', or 'runtime defense'.
Install: `npx skillsauth add fatih-developer/fth-skills ecosystem-security` (installs this skill globally with one command; works with Claude Code, Cursor, and Windsurf).
3 of 9 scanners reported clean
This ecosystem ensures the security of the Agent Platform and all skills within it across three layers: pre-deployment audit, runtime protection, and continuous adaptive defense. Two core skills complement each other — one audits the skills, the other inspects the messages.
```text
PRE-DEPLOYMENT            RUNTIME                  LEARNING
──────────────            ─────────────            ──────────
security-auditor    →     adaptive-guard     →     Rule engine
  │                         │                        update
  │ Audit                   │ K0-K4                  │
  │ Trust Score             │ Gradual filter         │ async
  │ Guard rules             │ LLM Judge              │
  ▼                         ▼                        ▼
security-report.md        guard-decision.json      learned-rules.md
trust-score.md            incident-report.md       guard-metrics.md
```
security-auditor
What it does: Statically analyzes a SKILL.md file, detects security vulnerabilities, assigns a trust score, and generates runtime guard rules.
Modes: Audit (static analysis) · Trust (authorization mapping) · Guard rule generation
Input: A SKILL.md file or the entire ecosystem directory
Output: security-report.md · trust-score.md · runtime-violations.md
Triggers: When a new skill is written, updated, or prior to production deployment
Next skill: adaptive-guard (receives the generated guard rules)
Dependency: None — starting point
adaptive-guard
What it does: Passes every incoming message through a 5-tier filter. Gradually deepens from K0 (cache) to K4 (human approval). Synthesizes generalized new rules from every detected attack. Adds less than 50ms latency to the main workflow.
Modes: Realtime Guard · Learning Engine · Performance Monitoring
Input: Incoming message + user profile + active rule set
Output: guard-decision.json · learned-rules.md · guard-metrics.md
Triggers: On every incoming message (automatic) · On attack detection
Dependency: Guard rules generated by security-auditor (optional, operates with default rules if absent)
| | security-auditor | adaptive-guard |
|--|------------------|----------------|
| security-auditor | — | Feeds Guard rules |
| adaptive-guard | Sends rule updates | — |
Data Flow:
security-auditor audit output
→ trust-score.md (used by adaptive-guard as trust threshold)
→ security-report.md (added to adaptive-guard K1 rules)
adaptive-guard attack detection
→ incident-report.md (appended to security-auditor's next audit)
→ learned-rules.md (feedback loop to K1 static rules)
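The gradual K0-K4 filter and the trust-threshold hand-off described above, as an added sketch that is not the project's own adaptive-guard code. The page names K0 (cache), K1 (static rules), K4 (human approval) and the use of trust-score.md as a threshold; the K2 heuristic scorer, the K3 trust gate, the rule patterns and the sample messages are constructed assumptions for illustration.

```python
import hashlib
import re

# Constructed K1 static rules, standing in for entries from security-report.md / learned-rules.md.
K1_RULES = [
    ("ignore_prior_instructions",
     re.compile(r"ignore (all )?(previous|prior) instructions", re.I)),
    ("credential_exfil",
     re.compile(r"\b(api[_ -]?key|password|token)\b.*\b(send|post|paste|upload)\b", re.I)),
]
# K2 heuristic scorer (assumed; the page leaves K2 unnamed): weighted risk tokens.
K2_RISK_TOKENS = {"override": 0.3, "bypass": 0.3, "exfiltrate": 0.4, "secret": 0.2}


class TieredGuard:
    def __init__(self, trust_threshold=0.6, k2_block=0.5):
        self.cache = {}             # K0: sha256(message) -> earlier decision
        self.pending_review = []    # K4: queue for human approval
        self.trust_threshold = trust_threshold  # from trust-score.md in the real flow
        self.k2_block = k2_block

    def decide(self, message, user_trust):
        """Return a guard-decision-like dict; stop at the first tier that can decide."""
        key = hashlib.sha256(message.encode()).hexdigest()
        if key in self.cache:                                   # K0: cache hit
            return {**self.cache[key], "tier": "K0"}
        decision = self._evaluate(message, user_trust)
        if decision["verdict"] != "review":                     # never cache pending K4 items
            self.cache[key] = decision
        return decision

    def _evaluate(self, message, user_trust):
        for rule_id, pattern in K1_RULES:                       # K1: static rules
            if pattern.search(message):
                return {"verdict": "block", "tier": "K1", "reason": rule_id}
        words = re.findall(r"[a-z_]+", message.lower())
        risk = min(1.0, sum(K2_RISK_TOKENS.get(w, 0.0) for w in words))
        if risk >= self.k2_block:                               # K2: heuristic score
            return {"verdict": "block", "tier": "K2", "reason": f"risk={risk:.2f}"}
        if risk == 0.0:
            return {"verdict": "allow", "tier": "K2", "reason": "no risk signal"}
        if user_trust >= self.trust_threshold:                  # K3: trust gate
            return {"verdict": "allow", "tier": "K3", "reason": f"trust={user_trust}"}
        self.pending_review.append(message)                     # K4: human approval
        return {"verdict": "review", "tier": "K4", "reason": "below trust threshold"}
```

Decisions that reach K4 are deliberately left out of the K0 cache so a later human verdict, not the pending state, is what gets replayed.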
| Platform | security-auditor | adaptive-guard |
|----------|------------------|----------------|
| Claude Code / claude.ai | ✅ Full | ✅ Full |
| Telegram Agent | ✅ Audit | ✅ K0-K3 |
| WhatsApp Agent | ✅ Audit | ✅ K0-K3 |
| CI/CD Pipeline | ✅ Audit | ⚠️ K0-K1 (speed-focused) |
| Local Dev | ✅ Full | ✅ K0-K2 (ML optional) |
/security-ecosystem → Full ecosystem
@ecosystem-security → Triggers the orchestrator
Automatic triggers:
When a new skill is added → security-auditor (Audit + Trust)
When a message arrives → adaptive-guard (always)
When a skill is updated → security-auditor (re-audit)
When an attack is detected → Both (incident + rule update)
```yaml
start_point: security-auditor
runtime_skill: adaptive-guard
always_active: [adaptive-guard]
pre_deploy_mandatory: [security-auditor]
can_run_parallel: false # dependent on each other, sequential
security_level: critical
performance_impact: low # 50ms target
```
Skills to be added:
| Skill | Priority | Status |
|-------|----------|--------|
| skill-integrity-checker | High | Planned |
| content-sanitizer | High | Planned |
| tool-call-auditor | Medium | Planned |
| behavioral-baseline | Medium | Research |
| chain-shadow-detector | Low | Research |