rand/discover-security
skills/discover-security/SKILL.md
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
$ install --global
skillsauthnpx skillsauth add rand/cc-polymath discover-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 8:35 PM9.8s1 file scanned
SKILL.md
- name:
- discover-security
- description:
- Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
- license:
- MIT
- author:
- rand
- version:
- 4.0
- compatibility:
- Designed for Claude Code. Compatible with any agent supporting the Agent Skills format.
Security Skills Discovery
Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.
When This Skill Activates
This skill auto-activates when you're working with:
- Authentication and authorization systems
- Input validation and sanitization
- Security headers (CSP, HSTS, CORS)
- Vulnerability scanning and penetration testing
- OWASP Top 10 vulnerabilities
- Secrets management (Vault, AWS Secrets Manager)
- SQL injection, XSS, or other attack prevention
- Security hardening and compliance
- Password hashing and credential management
- API security and access control
Available Skills
Quick Reference
The Security category contains 6 specialized skills:
- authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
- authorization - Access control (RBAC, ABAC, policy engines, permissions)
- input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
- security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
- vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
- secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)
Load Full Category Details
For complete descriptions and workflows:
Read ../security/INDEX.md
This loads the full Security category index with:
- Detailed skill descriptions
- Usage triggers for each skill
- Common workflow combinations
- Cross-references to related skills
Load Specific Skills
Load individual skills as needed:
Identity and access
Read ../security/authentication.md Read ../security/authorization.md
Input security
Read ../security/input-validation.md Read ../security/security-headers.md
Security operations
Read ../security/vulnerability-assessment.md Read ../security/secrets-management.md
Common Workflows
Secure Web Application
Sequence: Authentication → Authorization → Input validation → Security headers
Read ../security/authentication.md # User login Read ../security/authorization.md # Access control Read ../security/input-validation.md # XSS/SQL injection prevention Read ../security/security-headers.md # Browser protection
Security Audit
Sequence: Vulnerability assessment → Input validation → Headers → Secrets
Read ../security/vulnerability-assessment.md # OWASP Top 10 testing Read ../security/input-validation.md # Injection testing Read ../security/security-headers.md # Header configuration Read ../security/secrets-management.md # Credential security
API Security
Sequence: Authentication → Authorization → Input validation → Secrets
Read ../security/authentication.md # JWT/OAuth2 Read ../security/authorization.md # API access control Read ../security/input-validation.md # Request validation Read ../security/secrets-management.md # API key management
DevSecOps Pipeline
Sequence: Vulnerability assessment → Secrets → Input validation
Read ../security/vulnerability-assessment.md # Security scanning Read ../security/secrets-management.md # CI/CD secrets Read ../security/input-validation.md # SAST validation
Secure New Application
Full security implementation from scratch:
1. Identity and access
Read ../security/authentication.md Read ../security/authorization.md
2. Input protection
Read ../security/input-validation.md Read ../security/security-headers.md
3. Operations
Read ../security/secrets-management.md Read ../security/vulnerability-assessment.md
Skill Selection Guide
Choose Authentication when:
- Implementing user login systems
- Working with JWT, OAuth2, or sessions
- Adding multi-factor authentication
- Managing passwords and credentials
Choose Authorization when:
- Implementing access control
- Building role-based permissions (RBAC)
- Working with policy engines (OPA, Casbin)
- Preventing privilege escalation
Choose Input Validation when:
- Processing user input
- Preventing SQL injection
- Protecting against XSS attacks
- Validating file uploads
- Preventing command injection
Choose Security Headers when:
- Configuring Content Security Policy (CSP)
- Implementing HTTPS enforcement (HSTS)
- Setting up CORS for APIs
- Preventing clickjacking
- Hardening web applications
Choose Vulnerability Assessment when:
- Testing for OWASP Top 10
- Running security scans (SAST/DAST)
- Performing penetration tests
- Auditing application security
- Setting up security CI/CD
Choose Secrets Management when:
- Storing API keys or credentials
- Integrating with HashiCorp Vault
- Using AWS Secrets Manager or GCP Secret Manager
- Rotating encryption keys
- Managing CI/CD secrets
Integration with Other Skills
Security skills commonly combine with:
API skills (discover-api):
- API authentication and authorization
- API input validation
- API rate limiting (abuse prevention)
- Securing REST and GraphQL endpoints
Database skills (discover-database):
- SQL injection prevention
- Database connection security
- Credential management
- Row-level security
Frontend skills (discover-frontend):
- XSS prevention in React/Vue
- Content Security Policy
- Secure cookie handling
- Client-side validation
Infrastructure skills (discover-infrastructure, discover-cloud):
- Secrets management in deployments
- Network security
- Container security scanning
- TLS/SSL configuration
Testing skills (discover-testing):
- Security integration tests
- Penetration testing
- Automated security scans
- Vulnerability regression tests
Usage Instructions
- Auto-activation: This skill loads automatically when Claude Code detects security-related work
- Browse skills: Run
Read ../security/INDEX.mdfor full category overview - Load specific skills: Use bash commands above to load individual skills
- Follow workflows: Use recommended sequences for common security patterns
- Combine skills: Load multiple skills for comprehensive security coverage
Progressive Loading
This gateway skill (~200 lines, ~2K tokens) enables progressive loading:
- Level 1: Gateway loads automatically (you're here now)
- Level 2: Load category INDEX.md (~3K tokens) for full overview
- Level 3: Load specific skills (~2-4K tokens each) as needed
Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.
Quick Start Examples
"Implement user authentication": Read ../security/authentication.md
"Add role-based access control": Read ../security/authorization.md
"Prevent SQL injection": Read ../security/input-validation.md
"Configure Content Security Policy": Read ../security/security-headers.md
"Test for OWASP vulnerabilities": Read ../security/vulnerability-assessment.md
"Integrate HashiCorp Vault": Read ../security/secrets-management.md
"Secure API with JWT": Read ../security/authentication.md Read ../security/authorization.md
Next Steps: Run Read ../security/INDEX.md to see full category details, or load specific skills using the bash commands above.
Related Skills
rand/typed-holes-refactor
development
VerifiedTrustedCommunity
Refactor codebases using Design by Typed Holes methodology - iterative, test-driven refactoring with formal hole resolution, constraint propagation, and continuous validation. Use when refactoring existing code, optimizing architecture, or consolidating technical debt through systematic hole-driven development.
92SKILL.mdUpdated Apr 11, 2026
rand/elegant-design
development
VerifiedTrustedCommunity
Create world-class, accessible, responsive interfaces with sophisticated interactive elements including chat, terminals, code display, and streaming content. Use when building user interfaces that need professional polish and developer-focused features.
92SKILL.mdUpdated Apr 11, 2026
rand/discover-zig
development
VerifiedTrustedCommunity
Automatically discover Zig programming skills when working with Zig, comptime, allocators, build.zig, safety, C interop, memory management, or systems programming. Activates for Zig development tasks.
92SKILL.mdUpdated Apr 11, 2026
rand/discover-wasm
development
VerifiedTrustedCommunity
Automatically discover WebAssembly skills when working with WebAssembly, WASM, WASI, wasm-bindgen, Rust to WASM, wasm-pack, or browser runtime. Activates for WASM development tasks.
92SKILL.mdUpdated Apr 11, 2026