thewoolleyman/V3 Security Overhaul
.claude/skills/v3-security-overhaul/SKILL.md
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation.
testing
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add thewoolleyman/home-tech-infrastructure V3 Security OverhaulInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 8:25 PM17.6s1 file scanned
SKILL.md
- name:
- V3 Security Overhaul
- description:
- Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation.
V3 Security Overhaul
What This Skill Does
Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.
Quick Start
# Initialize V3 security domain (parallel)
Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect")
Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor")
Task("Security testing", "Implement TDD London School security framework", "test-architect")
Critical Security Fixes
CVE-1: Vulnerable Dependencies
npm update @anthropic-ai/claude-code@^2.0.31
npm audit --audit-level high
CVE-2: Weak Password Hashing
// ❌ Old: SHA-256 with hardcoded salt
const hash = crypto.createHash('sha256').update(password + salt).digest('hex');
// ✅ New: bcrypt with 12 rounds
import bcrypt from 'bcrypt';
const hash = await bcrypt.hash(password, 12);
CVE-3: Hardcoded Credentials
// ✅ Generate secure random credentials
const apiKey = crypto.randomBytes(32).toString('hex');
Security Patterns
Input Validation (Zod)
import { z } from 'zod';
const TaskSchema = z.object({
taskId: z.string().uuid(),
content: z.string().max(10000),
agentType: z.enum(['security', 'core', 'integration'])
});
Path Sanitization
function securePath(userPath: string, allowedPrefix: string): string {
const resolved = path.resolve(allowedPrefix, userPath);
if (!resolved.startsWith(path.resolve(allowedPrefix))) {
throw new SecurityError('Path traversal detected');
}
return resolved;
}
Safe Command Execution
import { execFile } from 'child_process';
// ✅ Safe: No shell interpretation
const { stdout } = await execFile('git', [userInput], { shell: false });
Success Metrics
- Security Score: 90/100 (npm audit + custom scans)
- CVE Resolution: 100% of critical vulnerabilities fixed
- Test Coverage: >95% security-critical code
- Implementation: All secure patterns documented and tested
Related Skills
thewoolleyman/Verification & Quality Assurance
development
VerifiedTrustedCommunity
Comprehensive truth scoring, code quality verification, and automatic rollback system with 0.95 accuracy threshold for ensuring high-quality agent outputs and codebase reliability.
SKILL.mdUpdated Apr 16, 2026
thewoolleyman/V3 Swarm Coordination
testing
VerifiedTrustedCommunity
15-agent hierarchical mesh coordination for v3 implementation. Orchestrates parallel execution across security, core, and integration domains following 10 ADRs with 14-week timeline.
SKILL.mdUpdated Apr 16, 2026
thewoolleyman/V3 Performance Optimization
tools
VerifiedTrustedCommunity
Achieve aggressive v3 performance targets: 2.49x-7.47x Flash Attention speedup, 150x-12,500x search improvements, 50-75% memory reduction. Comprehensive benchmarking and optimization suite.
SKILL.mdUpdated Apr 16, 2026
thewoolleyman/V3 Memory Unification
development
VerifiedTrustedCommunity
Unify 6+ memory systems into AgentDB with HNSW indexing for 150x-12,500x search improvements. Implements ADR-006 (Unified Memory Service) and ADR-009 (Hybrid Memory Backend).
SKILL.mdUpdated Apr 16, 2026