.claude/skills/security-context/SKILL.md
OWASP Top 10 checklist and security scan patterns. Activate for security audits, vulnerability scanning, and auth reviews.
npx skillsauth add yusufcmg/Agent_Memory_Systems security-context

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Read: .claude/memory-bank/domains/security/_summary.md
| # | Vulnerability | Quick Check |
|---|--------------|-------------|
| A01 | Broken Access Control | Check every route has auth + role |
| A02 | Cryptographic Failures | No MD5/SHA1, secrets in env only |
| A03 | Injection | No string interpolation in queries |
| A04 | Insecure Design | Rate limits, input bounds |
| A05 | Security Misconfiguration | No debug mode in prod, CORS strict |
| A06 | Vulnerable Components | npm audit / pnpm audit |
| A07 | Auth Failures | Brute force, weak tokens, no expiry |
| A08 | Data Integrity | Verify dependencies, signed packages |
| A09 | Logging Failures | No sensitive data in logs |
| A10 | SSRF | Validate all outbound URLs |
Use the source directory from core/project.md (referred to as $SRC below).

```bash
# Dependency vulnerabilities (adapt to package manager from core/project.md)
npm audit --audit-level=high   # Node.js
# pip-audit                    # Python (the tool is pip-audit; pip has no "audit" subcommand)

# Secrets in codebase (replace $SRC with actual source directory)
grep -rE "(password|secret|key|token)\s*=\s*['\"][^'\"]{8,}" "$SRC"/

# SQL injection patterns
grep -rE "query\s*\+|interpolat|template.*sql" "$SRC"/

# XSS / unsafe HTML patterns (adapt to project's framework)
grep -rE "dangerouslySetInnerHTML|innerHTML\s*=|v-html|bypassSecurity" "$SRC"/
```
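The grep heuristics above are a first pass, not proof of a clean codebase. The following added example (not part of the original skill) runs the same three patterns over a small constructed source tree to show what they flag and what they miss. The helper names `make_sample` and `count_hits` and all file contents are assumptions made for illustration.

```shell
# Patterns copied from the checklist above.
SECRET_RE="(password|secret|key|token)\s*=\s*['\"][^'\"]{8,}"
SQLI_RE="query\s*\+|interpolat|template.*sql"
XSS_RE="dangerouslySetInnerHTML|innerHTML\s*=|v-html|bypassSecurity"

# make_sample DIR: write constructed files (not taken from any real project).
make_sample() {
  mkdir -p "$1"
  # Line 1 is flagged; line 2 reads from env (ok); line 3 uses ':' and is missed.
  cat > "$1/config.js" <<'EOF'
const password = "hunter2hunter2";
const token = process.env.API_TOKEN;
const settings = { secret: "s3cr3t-value-123" };
EOF
  # Line 1 is flagged; line 2 is parameterized (ok); line 3 interpolates and is missed.
  cat > "$1/db.js" <<'EOF'
const a = db.run(query + " WHERE id = " + id);
const b = db.run("SELECT * FROM t WHERE id = ?", [id]);
const c = db.run(`SELECT * FROM t WHERE id = ${id}`);
EOF
  # Line 1 is flagged; line 2 is the safe sink.
  cat > "$1/view.jsx" <<'EOF'
el.innerHTML = userInput;
el.textContent = userInput;
EOF
}

# count_hits PATTERN DIR: number of matching lines under DIR (0 when none).
count_hits() {
  grep -rE -- "$1" "$2" | wc -l | tr -d ' '
}

# Demo run against a throwaway directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "secrets=$(count_hits "$SECRET_RE" "$demo_dir")"
echo "sqli=$(count_hits "$SQLI_RE" "$demo_dir")"
echo "xss=$(count_hits "$XSS_RE" "$demo_dir")"
rm -rf "$demo_dir"
```

Each check reports one hit, although the sample contains two hardcoded secrets and two injectable queries, so a clean grep result still needs a manual review of object literals, YAML/JSON config and template strings.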