security

Use this skill for security reviews, threat modeling, compliance work, or incident response. Activates on mentions of security audit, vulnerability, OWASP, threat model, zero trust, SOC 2, HIPAA, GDPR, compliance, incident response, SBOM, supply chain security, or secrets management.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security" with this command: npx skills add hyperb1iss/hyperskills/hyperb1iss-hyperskills-security

Security Operations

Frameworks and checklists for secure systems.

Zero Trust Principles

  1. Never trust, always verify
  2. Assume breach
  3. Verify explicitly
  4. Least privilege access
  5. Micro-segmentation

SLSA Framework (Supply Chain)

LevelRequirements
1Documentation of build process
2Hosted build platform, signed provenance
3Hardened builds, 2-person review
4Hermetic, reproducible builds

Threat Modeling (STRIDE)

ThreatExampleMitigation
SpoofingFake identityStrong auth, MFA
TamperingModified dataIntegrity checks, signing
RepudiationDeny actionsAudit logs, non-repudiation
Information DisclosureData leakEncryption, access control
Denial of ServiceOverloadRate limiting, scaling
Elevation of PrivilegeUnauthorized accessLeast privilege, RBAC

OWASP Top 10 Checklist

  • A01: Broken Access Control
  • A02: Cryptographic Failures
  • A03: Injection (SQL, NoSQL, OS, LDAP)
  • A04: Insecure Design
  • A05: Security Misconfiguration
  • A06: Vulnerable Components
  • A07: Auth Failures
  • A08: Software/Data Integrity Failures
  • A09: Logging/Monitoring Failures
  • A10: SSRF

Secrets Management

Never commit secrets. Use environment-based injection (External Secrets Operator, Vault, cloud-native secret managers). Scan with gitleaks or trufflehog in CI.

Supply Chain Security

  • Generate SBOMs with Syft: syft packages dir:. -o spdx-json
  • Scan with Grype: grype sbom:sbom.spdx.json --fail-on high
  • Scan container images with Trivy: trivy image <image> --severity HIGH,CRITICAL
  • Use distroless/Chainguard base images

Incident Response Phases

  1. Detection & Analysis -- Acknowledge alert, gather IOCs, determine scope, escalate if P1/P2
  2. Containment -- Isolate systems, block malicious IPs, disable compromised accounts, preserve evidence
  3. Eradication -- Remove malware/backdoors, patch vulnerabilities, reset credentials
  4. Recovery -- Restore from clean backups, monitor for re-infection, gradual restoration
  5. Lessons Learned -- Timeline reconstruction, root cause analysis, update playbooks

Compliance Frameworks

FrameworkFocus
SOC 2 Type IIService organization controls
ISO 27001Information security management
HIPAAProtected health information
GDPREU data protection
PCI DSSPayment card data

Use Vanta or Drata for continuous monitoring and automated evidence collection.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

tui-design

No summary provided by upstream source.

Repository SourceNeeds Review
-131
hyperb1iss
Research

research

No summary provided by upstream source.

Repository SourceNeeds Review
-125
hyperb1iss
General

orchestrate

No summary provided by upstream source.

Repository SourceNeeds Review
-123
hyperb1iss