thebeardedbearsas/security-paperclip
Dev/i18n/fr/Paperclip/skills/security-paperclip/SKILL.md
Sécurité Paperclip — isolation tenant, secrets, portes d'approbation, budgets stricts, capacités plugin minimales. À utiliser pour auditer ou durcir Paperclip.
$ install --global
skillsauthnpx skillsauth add thebeardedbearsas/claude-craft security-paperclipInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 10:32 AM5.3s1 file scanned
SKILL.md
- name:
- security-paperclip
- description:
- Sécurité Paperclip — isolation tenant, secrets, portes d'approbation, budgets stricts, capacités plugin minimales. À utiliser pour auditer ou durcir Paperclip.
Sécurité Paperclip
companyId tiré uniquement de la session/du path (jamais du body client) ; secrets chiffrés au repos + rédigés dans les logs + résolus via ctx.secrets.resolve(ref) dans les plugins ; portes d'approbation serveur-only et append-only ; les budgets sont des limites strictes appliquées au dispatch ; Better Auth pour l'auth opérateur avec un BETTER_AUTH_SECRET tourné ; CSP/HSTS/COOP/CORP livrés sur l'UI ; capacités de plugin déclarées au minimum ; pnpm audit --audit-level=high dans la CI.
Voir ../../rules/11-security-paperclip.md pour la documentation détaillée.
Related Skills
thebeardedbearsas/ecosystem-tools
tools
VerifiedTrustedCommunity
Third-party Claude Code token/context/code-review tools. Use when choosing or recommending an external tool to reduce token usage, manage context, or review large codebases.
97SKILL.mdUpdated Jun 4, 2026
thebeardedbearsas/Dev/i18n/pt/Symfony/skills/value-objects
development
VerifiedTrustedCommunity
--- name: value-objects description: Règle 04 : Value Objects. Use when implementing DDD patterns. --- # Règle 04 : Value Objects This skill provides guidelines and best practices. See ../../rules/18-value-objects.md for detailed documentation.
95SKILL.mdUpdated Apr 17, 2026
thebeardedbearsas/security-symfony
development
VerifiedTrustedCommunity
Sécurité & RGPD - Atoll Tourisme. Use when reviewing security, implementing auth, or hardening code.
95SKILL.mdUpdated Apr 17, 2026
thebeardedbearsas/quality-tools
tools
VerifiedTrustedCommunity
Outils de qualité - Atoll Tourisme. Use when setting up quality tools or CI.
95SKILL.mdUpdated Apr 17, 2026