qte77/securing-mas
plugins/mas-design/skills/securing-mas/SKILL.md
Apply OWASP MAESTRO, MITRE ATLAS, NIST AI RMF, and ISO 42001/23894 security frameworks to MAS designs
$ install --global
skillsauthnpx skillsauth add qte77/claude-code-plugins securing-masInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 2:50 AM60.5s7 files scanned
SKILL.md
- name:
- securing-mas
- description:
- Apply OWASP MAESTRO, MITRE ATLAS, NIST AI RMF, and ISO 42001/23894 security frameworks to MAS designs
- compatibility:
- Designed for Claude Code
- allowed-tools:
- Read, Grep, Glob, WebSearch, WebFetch
- argument-hint:
- [component-or-feature]
- stability:
- stable
- content-hash:
- sha256:94039e17e94bb06a07cb298b68d4b5a02f3ef882ad08837656d1a82d3e0ad8b2
- last-verified-cc-version:
- 1.0.34
Securing Multi-Agent Systems
Target: $ARGUMENTS
When to Use
Trigger this skill when:
- Conducting security reviews of agent systems
- Threat modeling for multi-agent architectures
- Reviewing plugin implementations for security
- Designing security controls for pipelines
Framework Stack
MITRE ATLAS (attack taxonomy — what adversaries do)
| informs threat identification
v
OWASP MAESTRO (threat model — what to defend against in MAS)
| maps threats to controls
v
NIST AI RMF (risk framework — how to govern/map/measure/manage)
| operationalized by
v
ISO 42001 + 23894 (certifiable management system + risk methodology)
Use all four layers together: ATLAS enumerates attack vectors, MAESTRO maps them to MAS-specific controls, NIST AI RMF structures governance, and ISO provides the certifiable management system.
Workflow
-
Review the framework stack —
references/mas-security.mdfor the conceptual overview of MAESTRO, ATLAS, NIST AI RMF, and ISO 42001/23894 layers working together. -
Apply the 7-layer security check — for each new component, walk through every MAESTRO layer. See
references/maestro-7-layer-checklist.mdfor the actionable per-layer checklist (Model → Orchestration). -
Run the plugin security checklist — before marking an implementation complete, verify input validation, output safety, resource management, observability, and external dependencies. See
references/plugin-security-checklist.md. -
Document threats in the cross-framework matrix — for each feature, map concerns to ATLAS techniques, MAESTRO layers, NIST functions, and ISO controls. Start from
references/threat-matrix-template.mdand add feature-specific rows. -
Avoid common vulnerability patterns — consult
references/common-vulnerabilities.mdfor vulnerable/secure code examples: prompt injection (L1), type confusion (L2), resource exhaustion (L5), secret leakage (L6). -
Test security controls explicitly — write tests that exercise each MAESTRO layer's controls. See
references/security-testing-patterns.mdfor pytest examples (input validation, timeout enforcement, error message safety).
Further Reading
- OWASP MAESTRO v1.0
- OWASP Top 10 for LLMs
- MITRE ATLAS
- NIST AI RMF 1.0 (AI 100-1)
- NIST AI 600-1 Generative AI Profile
- ISO/IEC 42001:2023
- ISO/IEC 23894:2023
- 12-Factor Agents
Related Skills
qte77/writing-readme
documentation
VerifiedTrustedCommunity
Generate or update README.md files across three scopes — repo (with project-type detection), account (GitHub user profile), and org (organization profile). Use when creating, updating, or aligning a README to org conventions.
1SKILL.mdUpdated Apr 19, 2026
qte77/auditing-readme
development
VerifiedTrustedCommunity
Audit README.md files against best practices for repos, accounts, or orgs. Detects missing sections, stale links, inconsistent formatting, and convention violations. Use when reviewing README quality across one or many repos.
1SKILL.mdUpdated Apr 19, 2026
qte77/researching-website-design
development
VerifiedTrustedCommunity
Analyzes industry websites for design patterns, layout, typography, and content strategies using first-principles thinking. Use when researching website design, UI patterns, or competitive design analysis.
1SKILL.mdUpdated Apr 18, 2026
qte77/auditing-website-usability
development
VerifiedTrustedCommunity
Audits website usability for UX optimization, covering forms, navigation, validation, and microcopy. Use when reviewing user experience, task completion flows, or interface friction points.
1SKILL.mdUpdated Apr 18, 2026