gonzalezpazmonica/adversarial-security
.claude/skills/adversarial-security/SKILL.md
Pipeline de seguridad adversarial — Red Team, Blue Team, Auditor con scoring
$ install --global
skillsauthnpx skillsauth add gonzalezpazmonica/pm-workspace adversarial-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:50 PM1.8s1 file scanned
SKILL.md
- name:
- adversarial-security
- description:
- Pipeline de seguridad adversarial — Red Team, Blue Team, Auditor con scoring
- summary:
- |
- Output:
- informe con score 0-100 y recomendaciones.
- maturity:
- stable
- context:
- fork
- context_cost:
- medium
- agent:
- security-attacker
- category:
- governance
- tags:
- ["security", "adversarial", "red-team", "blue-team"]
- priority:
- high
Adversarial Security Skill
§1 Vulnerability Scoring
CVSS simplificado para proyectos internos:
| Factor | Peso | Valores | |--------|------|---------| | Attack Vector | 0.3 | Network (1.0), Adjacent (0.7), Local (0.5), Physical (0.2) | | Complexity | 0.2 | Low (1.0), High (0.5) | | Privileges | 0.2 | None (1.0), Low (0.6), High (0.3) | | Impact | 0.3 | High (1.0), Medium (0.6), Low (0.3) |
score = sum(factor × peso) × 10 → escala 0-10
§2 STRIDE Mapping
| Categoría | Pregunta clave | Controles típicos | |-----------|---------------|-------------------| | Spoofing | ¿Puedo suplantar a otro? | Auth, MFA, tokens | | Tampering | ¿Puedo modificar datos? | Integridad, signing, HMAC | | Repudiation | ¿Puedo negar una acción? | Audit logs, timestamps | | Info Disclosure | ¿Puedo acceder a datos? | Encryption, access control | | DoS | ¿Puedo tumbar el servicio? | Rate limiting, WAF | | Elevation | ¿Puedo escalar privilegios? | RBAC, least privilege |
§3 OWASP Top 10 Checklist
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable Components
- Auth Failures
- Software/Data Integrity Failures
- Logging Failures
- SSRF
§4 Dependency Audit
# npm: audit de dependencias
npm audit --json 2>/dev/null | jq '.vulnerabilities | length'
# pip: safety check
pip-audit --format=json 2>/dev/null
# dotnet: audit
dotnet list package --vulnerable --format json 2>/dev/null
§5 Security Score Formula
score = 100 - (critical×25 + high×10 + medium×3 + low×1) Cada fix verificado recupera los puntos. Floor: 0.
Related Skills
gonzalezpazmonica/skill-creator
testing
VerifiedTrustedCommunity
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
40SKILL.mdUpdated May 24, 2026
gonzalezpazmonica/mcp-builder
tools
VerifiedTrustedCommunity
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
40SKILL.mdUpdated May 24, 2026
gonzalezpazmonica/wellbeing-guardian
tools
VerifiedTrustedCommunity
Sistema proactivo de bienestar individual
33SKILL.mdUpdated Apr 17, 2026
gonzalezpazmonica/web-research
development
VerifiedTrustedCommunity
Search the web to resolve context gaps — documentation, versions, CVEs, best practices. Auto-starts SearxNG Docker if available, falls back to WebSearch.
33SKILL.mdUpdated Apr 17, 2026