qte77/securing-mas
plugins/mas-design/skills/securing-mas/SKILL.md
Apply OWASP MAESTRO, MITRE ATLAS, NIST AI RMF, and ISO 42001/23894 security frameworks to MAS designs
$ install --global
skillsauthnpx skillsauth add qte77/claude-code-utils-plugin securing-masInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 2:50 AM60.5s7 files scanned
SKILL.md
- name:
- securing-mas
- description:
- Apply OWASP MAESTRO, MITRE ATLAS, NIST AI RMF, and ISO 42001/23894 security frameworks to MAS designs
- compatibility:
- Designed for Claude Code
- allowed-tools:
- Read, Grep, Glob, WebSearch, WebFetch
- argument-hint:
- [component-or-feature]
- stability:
- stable
- content-hash:
- sha256:94039e17e94bb06a07cb298b68d4b5a02f3ef882ad08837656d1a82d3e0ad8b2
- last-verified-cc-version:
- 1.0.34
Securing Multi-Agent Systems
Target: $ARGUMENTS
When to Use
Trigger this skill when:
- Conducting security reviews of agent systems
- Threat modeling for multi-agent architectures
- Reviewing plugin implementations for security
- Designing security controls for pipelines
Framework Stack
MITRE ATLAS (attack taxonomy — what adversaries do)
| informs threat identification
v
OWASP MAESTRO (threat model — what to defend against in MAS)
| maps threats to controls
v
NIST AI RMF (risk framework — how to govern/map/measure/manage)
| operationalized by
v
ISO 42001 + 23894 (certifiable management system + risk methodology)
Use all four layers together: ATLAS enumerates attack vectors, MAESTRO maps them to MAS-specific controls, NIST AI RMF structures governance, and ISO provides the certifiable management system.
Workflow
-
Review the framework stack —
references/mas-security.mdfor the conceptual overview of MAESTRO, ATLAS, NIST AI RMF, and ISO 42001/23894 layers working together. -
Apply the 7-layer security check — for each new component, walk through every MAESTRO layer. See
references/maestro-7-layer-checklist.mdfor the actionable per-layer checklist (Model → Orchestration). -
Run the plugin security checklist — before marking an implementation complete, verify input validation, output safety, resource management, observability, and external dependencies. See
references/plugin-security-checklist.md. -
Document threats in the cross-framework matrix — for each feature, map concerns to ATLAS techniques, MAESTRO layers, NIST functions, and ISO controls. Start from
references/threat-matrix-template.mdand add feature-specific rows. -
Avoid common vulnerability patterns — consult
references/common-vulnerabilities.mdfor vulnerable/secure code examples: prompt injection (L1), type confusion (L2), resource exhaustion (L5), secret leakage (L6). -
Test security controls explicitly — write tests that exercise each MAESTRO layer's controls. See
references/security-testing-patterns.mdfor pytest examples (input validation, timeout enforcement, error message safety).
Further Reading
- OWASP MAESTRO v1.0
- OWASP Top 10 for LLMs
- MITRE ATLAS
- NIST AI RMF 1.0 (AI 100-1)
- NIST AI 600-1 Generative AI Profile
- ISO/IEC 42001:2023
- ISO/IEC 23894:2023
- 12-Factor Agents
Related Skills
qte77/researching-website-design
development
VerifiedTrustedCommunity
Analyzes industry websites for design patterns, layout, typography, and content strategies using first-principles thinking. Use when researching website design, UI patterns, or competitive design analysis.
1SKILL.mdUpdated Apr 19, 2026
qte77/auditing-website-usability
development
VerifiedTrustedCommunity
Audits website usability for UX optimization, covering forms, navigation, validation, and microcopy. Use when reviewing user experience, task completion flows, or interface friction points.
1SKILL.mdUpdated Apr 19, 2026
qte77/auditing-website-accessibility
development
VerifiedTrustedCommunity
Audits website accessibility for WCAG 2.1 AA compliance, generating findings and code fixes. Use when reviewing accessibility, keyboard navigation, screen reader compatibility, or inclusive design.
1SKILL.mdUpdated Apr 19, 2026
qte77/testing-typescript
development
VerifiedTrustedCommunity
Writes tests following TDD (using vitest and @testing-library/react) best practices. Use when writing unit tests, integration tests, or component tests in TypeScript.
1SKILL.mdUpdated Apr 19, 2026