Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

suportebahia/Equipe SBahia - Security Specialist

Name: Equipe SBahia - Security Specialist
Author: suportebahia

.internal-skills/security-specialist/SKILL.md

npx skillsauth add suportebahia/equipe-devs Equipe SBahia - Security Specialist

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Specialist - Equipe SBahia

Responsabilidades

Autenticação

JWT, OAuth 2.0, OpenID Connect
MFA/2FA
Session management
Password hashing (bcrypt, argon2)
Credential stuffing protection

Autorização

RBAC (Role-Based Access Control)
ABAC (Attribute-Based)
Permissions granulares
Resource ownership
Principle of least privilege

Vulnerabilidades

OWASP Top 10 prevention
Input validation
XSS, CSRF, SQL Injection
Rate limiting
API security

Compliance

LGPD/GDPR
Data encryption at rest/transit
Audit logs
Data retention

Competências Técnicas

Autenticação JWT

// Access + Refresh Token
const generateTokens = (user) => {
  const accessToken = jwt.sign(
    { userId: user.id, roles: user.roles },
    process.env.JWT_SECRET,
    { expiresIn: '15m' }
  );
  
  const refreshToken = jwt.sign(
    { userId: user.id, type: 'refresh' },
    process.env.REFRESH_SECRET,
    { expiresIn: '7d' }
  );
  
  return { accessToken, refreshToken };
};

// Password Hashing
const hashPassword = async (password) => {
  return bcrypt.hash(password, 12); // Cost factor 12
};

const verifyPassword = async (password, hash) => {
  return bcrypt.compare(password, hash);
};

Autorização RBAC

// Middleware de autorização
const authorize = (...allowedRoles) => {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ error: 'Unauthorized' });
    }
    
    if (!allowedRoles.includes(req.user.role)) {
      return res.status(403).json({ error: 'Forbidden' });
    }
    
    next();
  };
};

// Uso nas rotas
router.post('/admin/users', 
  authenticate, 
  authorize('admin'), 
  createUser
);

Protección OWASP

// 1. SQL Injection - Use parameterized queries
// BAD
db.query(`SELECT * FROM users WHERE id = ${userId}`);
// GOOD
db.query('SELECT * FROM users WHERE id = $1', [userId]);

// 2. XSS - Escape output
import DOMPurify from 'isomorphic-dompurify';
const safeContent = DOMPurify.sanitize(userInput);

// 3. CSRF - CSRF tokens
const csrfToken = req.csrfToken();
res.cookie('CSRF-TOKEN', csrfToken);

// 4. Rate Limiting
import rateLimit from 'express-rate-limit';
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  message: 'Too many requests'
});

Criptografia

// Encryption at rest (AES-256)
import crypto from 'crypto';

const encrypt = (text, key) => {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  
  const authTag = cipher.getAuthTag();
  
  return { iv: iv.toString('hex'), encrypted, authTag: authTag.toString('hex') };
};

// Hash de dados sensíveis (LGPD)
const hashSensitive = (data) => {
  return crypto.createHash('sha256').update(data).digest('hex');
};

Security Checklist

Autenticação

[ ] Passwords hasheadas com bcrypt/argon2
[ ] Tokens com expiração curta (access) + refresh
[ ] MFA disponível
[ ] Password policy (mínimo 8 chars, maiúsculas, números)
[ ] Rate limiting em login

Autorização

[ ] RBAC implementado
[ ] Verificação de ownership em recursos
[ ] Privilégio mínimo
[ ] Audit logs de ações sensíveis

Input/Output

[ ] Input validation (schema validation)
[ ] Output encoding
[ ] SQL parameterized queries
[ ] File upload validation

Infraestrutura

[ ] HTTPS/TLS
[ ] Secrets em vault (.env nunca no git)
[ ] Headers de segurança (CSP, HSTS, X-Frame-Options)
[ ] WAF em produção

Headers de Segurança

// Helmet.js
import helmet from 'helmet';

app.use(helmet());
app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'", "'unsafe-inline'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    imgSrc: ["'self'", "data:", "https:"],
  }
}));

// CORS
app.use(cors({
  origin: ['https://app.example.com'],
  credentials: true,
}));

OWASP Top 10 (2021)

Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable Components
Auth Failures
Data Integrity Failures
Logging Failures
SSRF

Ferramentas

| Tipo | Ferramenta | |------|------------| | SAST | SonarQube, Snyk, CodeQL | | DAST | OWASP ZAP, Burp Suite | | Secrets | HashiCorp Vault, AWS Secrets Manager | | MFA | Authy, Google Authenticator | | WAF | CloudFlare, AWS WAF |

suportebahia/Equipe SBahia - Security Specialist

.internal-skills/security-specialist/SKILL.md

Especialista em Segurança de Aplicações. Use para: - Implementar autenticação e autorização - Proteger contra vulnerabilidades (OWASP Top 10) - Security code review - Criptografia e gestão de secrets - Compliance (LGPD, GDPR)

development

Updated Apr 15, 2026

$ install --global

skillsauth

npx skillsauth add suportebahia/equipe-devs Equipe SBahia - Security Specialist

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 15, 2026, 4:00 AM5.2s1 file scanned

SKILL.md

name:: Equipe SBahia - Security Specialist
description:: |

Security Specialist - Equipe SBahia

Responsabilidades

Autenticação

JWT, OAuth 2.0, OpenID Connect
MFA/2FA
Session management
Password hashing (bcrypt, argon2)
Credential stuffing protection

Autorização

RBAC (Role-Based Access Control)
ABAC (Attribute-Based)
Permissions granulares
Resource ownership
Principle of least privilege

Vulnerabilidades

OWASP Top 10 prevention
Input validation
XSS, CSRF, SQL Injection
Rate limiting
API security

Compliance

LGPD/GDPR
Data encryption at rest/transit
Audit logs
Data retention

Competências Técnicas

Autenticação JWT

// Access + Refresh Token
const generateTokens = (user) => {
  const accessToken = jwt.sign(
    { userId: user.id, roles: user.roles },
    process.env.JWT_SECRET,
    { expiresIn: '15m' }
  );
  
  const refreshToken = jwt.sign(
    { userId: user.id, type: 'refresh' },
    process.env.REFRESH_SECRET,
    { expiresIn: '7d' }
  );
  
  return { accessToken, refreshToken };
};

// Password Hashing
const hashPassword = async (password) => {
  return bcrypt.hash(password, 12); // Cost factor 12
};

const verifyPassword = async (password, hash) => {
  return bcrypt.compare(password, hash);
};

Autorização RBAC

// Middleware de autorização
const authorize = (...allowedRoles) => {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ error: 'Unauthorized' });
    }
    
    if (!allowedRoles.includes(req.user.role)) {
      return res.status(403).json({ error: 'Forbidden' });
    }
    
    next();
  };
};

// Uso nas rotas
router.post('/admin/users', 
  authenticate, 
  authorize('admin'), 
  createUser
);

Protección OWASP

// 1. SQL Injection - Use parameterized queries
// BAD
db.query(`SELECT * FROM users WHERE id = ${userId}`);
// GOOD
db.query('SELECT * FROM users WHERE id = $1', [userId]);

// 2. XSS - Escape output
import DOMPurify from 'isomorphic-dompurify';
const safeContent = DOMPurify.sanitize(userInput);

// 3. CSRF - CSRF tokens
const csrfToken = req.csrfToken();
res.cookie('CSRF-TOKEN', csrfToken);

// 4. Rate Limiting
import rateLimit from 'express-rate-limit';
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  message: 'Too many requests'
});

Criptografia

// Encryption at rest (AES-256)
import crypto from 'crypto';

const encrypt = (text, key) => {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  
  const authTag = cipher.getAuthTag();
  
  return { iv: iv.toString('hex'), encrypted, authTag: authTag.toString('hex') };
};

// Hash de dados sensíveis (LGPD)
const hashSensitive = (data) => {
  return crypto.createHash('sha256').update(data).digest('hex');
};

Security Checklist

Autenticação

[ ] Passwords hasheadas com bcrypt/argon2
[ ] Tokens com expiração curta (access) + refresh
[ ] MFA disponível
[ ] Password policy (mínimo 8 chars, maiúsculas, números)
[ ] Rate limiting em login

Autorização

[ ] RBAC implementado
[ ] Verificação de ownership em recursos
[ ] Privilégio mínimo
[ ] Audit logs de ações sensíveis

Input/Output

[ ] Input validation (schema validation)
[ ] Output encoding
[ ] SQL parameterized queries
[ ] File upload validation

Infraestrutura

[ ] HTTPS/TLS
[ ] Secrets em vault (.env nunca no git)
[ ] Headers de segurança (CSP, HSTS, X-Frame-Options)
[ ] WAF em produção

Headers de Segurança

// Helmet.js
import helmet from 'helmet';

app.use(helmet());
app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'", "'unsafe-inline'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    imgSrc: ["'self'", "data:", "https:"],
  }
}));

// CORS
app.use(cors({
  origin: ['https://app.example.com'],
  credentials: true,
}));

OWASP Top 10 (2021)

Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable Components
Auth Failures
Data Integrity Failures
Logging Failures
SSRF

Ferramentas

Related Skills

suportebahia/Equipe SBahia

testing

VerifiedTrustedCommunity

Sistema de agentes IA para coordenação de projetos de desenvolvimento. Use este skill para iniciar qualquer projeto. Este skill orquestra automaticamente os agentes especializados conforme a necessidade: - Análise e planejamento de projetos - Coordenação de múltiplos agentes - Gestão de tasks e dependências

SKILL.mdUpdated Apr 15, 2026

suportebahia/Equipe SBahia

suportebahia/Fernando Rochav - Orchestrator

development

VerifiedTrustedCommunity

Orquestrador principal do ecossistema de agentes IA Equipe SBahia. Use para: - Coordenar projetos de desenvolvimento web - Alocar agentes especializados - Gerenciar workflow completo - Garantir padrões MVC e de mercado Agents disponíveis: leadership-tech, uxui-designer, frontend-developer, backend-controller, backend-model, dba-specialist, security-specialist, api-gateway-specialist, mobile-developer, data-engineer, elastic-engineer, machine-learning-engineer, testing-specialist, error-handling-specialist, product-owner, devops-engineer, solutions-engineer

SKILL.mdUpdated Apr 15, 2026

suportebahia/Fernando Rochav - Orchestrator

suportebahia/Equipe SBahia - Designer UX/UI

testing

VerifiedTrustedCommunity

Skill para Designer UX/UI. Use para: - Criar experiência do usuário - Desenvolver interfaces visuais - Definir design system - Validar usabilidade

SKILL.mdUpdated Apr 15, 2026

suportebahia/Equipe SBahia - Designer UX/UI

suportebahia/Equipe SBahia - Especialista em Testes

testing

VerifiedTrustedCommunity

Especialista em QA/Testes automatizados. Use para: - Criar estratégia de testes completa - Implementar testes unitários, integração e E2E - TDD/BDD quando aplicável - Coverage analysis - Testes de performance e carga

SKILL.mdUpdated Apr 15, 2026

suportebahia/Equipe SBahia - Especialista em Testes

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/suportebahia/equipe-devs.git

# Copy into Claude Code skills folder (global)
cp -r equipe-devs/.internal-skills/security-specialist ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

suportebahia/equipe-devs

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT