V3 Security Overhaul
What This Skill Does
Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.
Quick Start
Initialize V3 security domain (parallel)
Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect") Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor") Task("Security testing", "Implement TDD London School security framework", "test-architect")
Critical Security Fixes
CVE-1: Vulnerable Dependencies
npm update @anthropic-ai/claude-code@^2.0.31 npm audit --audit-level high
CVE-2: Weak Password Hashing
// ❌ Old: SHA-256 with hardcoded salt const hash = crypto.createHash('sha256').update(password + salt).digest('hex');
// ✅ New: bcrypt with 12 rounds import bcrypt from 'bcrypt'; const hash = await bcrypt.hash(password, 12);
CVE-3: Hardcoded Credentials
// ✅ Generate secure random credentials const apiKey = crypto.randomBytes(32).toString('hex');
Security Patterns
Input Validation (Zod)
import { z } from 'zod';
const TaskSchema = z.object({ taskId: z.string().uuid(), content: z.string().max(10000), agentType: z.enum(['security', 'core', 'integration']) });
Path Sanitization
function securePath(userPath: string, allowedPrefix: string): string { const resolved = path.resolve(allowedPrefix, userPath); if (!resolved.startsWith(path.resolve(allowedPrefix))) { throw new SecurityError('Path traversal detected'); } return resolved; }
Safe Command Execution
import { execFile } from 'child_process';
// ✅ Safe: No shell interpretation const { stdout } = await execFile('git', [userInput], { shell: false });
Success Metrics
-
Security Score: 90/100 (npm audit + custom scans)
-
CVE Resolution: 100% of critical vulnerabilities fixed
-
Test Coverage: >95% security-critical code
-
Implementation: All secure patterns documented and tested