ryderfreeman4logos/csa-security
dev/skills/csa-security/SKILL.md
Adversarial security analysis expertise for identifying vulnerabilities before attackers do
$ install --global
skillsauthnpx skillsauth add ryderfreeman4logos/cli-sub-agent csa-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 7:00 AM5.3s1 file scanned
SKILL.md
- name:
- csa-security
- description:
- Adversarial security analysis expertise for identifying vulnerabilities before attackers do
- allowed-tools:
- Bash, Read, Grep, Glob
Security Audit & Code Review
Adversarial security analysis expertise for identifying vulnerabilities before attackers do.
Core Principle: Assume All Input Is Malicious
For every code path:
- If I were an attacker, how would I exploit this?
- Can I exhaust system resources (memory/CPU/disk/connections)?
- Can I bypass business logic constraints?
Security Review Dimensions
| Dimension | Checks |
|-----------|--------|
| Panic/DoS | unwrap(), array bounds, division by zero, stack overflow, integer overflow |
| Resource Exhaustion | Unbounded loops, unlimited memory allocation, connection pool depletion |
| Race Conditions | TOCTOU, double-spend attacks, non-atomic operations, concurrent access bugs |
| Injection Attacks | SQL injection, command injection, XSS, path traversal, deserialization |
| Auth/Authz | Permission bypass, session fixation, credential leakage, privilege escalation |
| Cryptography | Weak randomness, timing attacks, plaintext storage, hardcoded secrets |
| Business Logic | Negative amounts, integer overflow, state machine bypass, double-processing |
Domain-Specific Checklists
Financial/Payment Systems
- [ ] Use fixed-point (NOT floating-point) for amounts
- [ ] All operations use database transactions
- [ ] Idempotency design (prevent replay attacks)
- [ ] Balance check and deduction atomic execution
- [ ] Decimal precision matches business rules
User Input Processing
- [ ] Input length limits enforced
- [ ] Character set whitelist (reject unexpected chars)
- [ ] Parameterized queries (prevent SQL injection)
- [ ] Output encoding (prevent XSS)
- [ ] Path canonicalization (prevent traversal)
Async/Concurrency
- [ ] No data races
- [ ] Deadlock risks documented and eliminated
- [ ] Memory ordering correct (Acquire/Release/SeqCst)
- [ ] Cancellation safety verified
Report Format
# Security Review: {Module Name}
**Risk Level**: [Critical / High / Medium / Low]
## Findings
### [Critical] SEC-001: {Title}
**Location**: `path/to/file.rs:123`
**Type**: {Panic DoS / Resource Exhaustion / Race Condition / ...}
**Description**: {Detailed vulnerability description}
**Suggested Fix**: {Code example}
## Priority Action Plan
1. **Immediate**: Critical/High issues
2. **Short-term**: Medium issues
3. **Long-term**: Low issues
Key Rules
FORBIDDEN PATTERNS:
- Direct integer arithmetic for financial amounts
unwrap()orexpect()on untrusted input- Unbounded allocations
- No validation of external input
- Hardcoded secrets or sensitive data in logs
REQUIRED PATTERNS:
- Checked arithmetic (
.checked_add(),.checked_mul()) .get()instead of[]for collections- Input size/type validation at boundaries
- Constant-time comparison for secrets
- Resource limits on memory/CPU/connections
Related Skills
ryderfreeman4logos/cli-sub-agent
tools
VerifiedTrustedCommunity
--- name = "csa-setup" version = "0.1.0" description = "Install CSA, Weave, and coding workflow patterns for AI agent bots" homepage = "https://github.com/RyderFreeman4Logos/cli-sub-agent" target = "agent-bots" --- # CSA Setup > Installation guide for AI agent bots (openclaw, Moltis, etc.) to set up > CSA and Weave with optional coding workflow patterns. ## Skill Files | File | Description | |------|-------------| | **skill.md** (this file) | Installation and setup guide | | **skills/AGENTS.
12SKILL.mdUpdated Apr 15, 2026
ryderfreeman4logos/mktsk
testing
VerifiedTrustedCommunity
Use when: converting TODO plan or open GitHub issues into deterministic execution checklist
12SKILL.mdUpdated Apr 15, 2026
ryderfreeman4logos/dev2merge
development
VerifiedTrustedCommunity
Use when: full dev cycle branch->plan->implement->review->PR->merge
12SKILL.mdUpdated Apr 15, 2026
ryderfreeman4logos/csa-review
development
VerifiedTrustedCommunity
Use when: running CSA-driven code review, independent model selection
12SKILL.mdUpdated Apr 15, 2026