skill-name
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/skill-name/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How skill-name Compares
| Feature / Agent | skill-name | Standard Approach |
|---|---|---|
| Platform Support | multi | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
Which AI agents support this skill?
This skill is compatible with multi.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
<!-- PROGRESSIVE DISCLOSURE GUIDELINES:
- Keep this SKILL.md file under 500 lines
- Only include core workflows and common patterns here
- Move detailed content to references/ directory
- Link clearly to when references should be consulted
- See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples
- Challenge every sentence: "Does Claude really need this?"
-->

# Skill Name

## Overview

Brief overview of what this skill provides and its security operations context.

## Quick Start

Provide the minimal example to get started immediately:

```bash
# Example command or workflow
tool-name --option value
```

## Core Workflow

### Sequential Workflow

For straightforward step-by-step operations:

1. First action with specific command or operation
2. Second action with expected output or validation
3. Third action with decision points if needed

### Workflow Checklist (for complex operations)

For complex multi-step operations, use a checkable workflow:

Progress:
[ ] 1. Initial setup and configuration
[ ] 2. Run primary security scan or analysis
[ ] 3. Review findings and classify by severity
[ ] 4. Apply remediation patterns
[ ] 5. Validate fixes with re-scan
[ ] 6. Document findings and generate report

Work through each step systematically. Check off completed items.

**For more workflow patterns**, see [references/WORKFLOW_CHECKLIST.md](references/WORKFLOW_CHECKLIST.md)

### Feedback Loop Pattern (for validation)

When validation and iteration are needed:

1. Generate initial output (configuration, code, etc.)
2. Run validation: `./scripts/validator_example.py output.yaml`
3. Review validation errors and warnings
4. Fix identified issues
5. Repeat steps 2-4 until validation passes
6. Apply the validated output

**Note**: Move detailed validation criteria to `references/` if complex.

## Security Considerations

- **Sensitive Data Handling**: Guidance on handling secrets, credentials, PII
- **Access Control**: Required permissions and authorization contexts
- **Audit Logging**: What should be logged for security auditing
- **Compliance**: Relevant compliance requirements (SOC2, GDPR, etc.)

## Bundled Resources

### Scripts (`scripts/`)

Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.

- `example_script.py` - Python script template with argparse, error handling, and JSON output
- `example_script.sh` - Bash script template with argument parsing and colored output
- `validator_example.py` - Validation script demonstrating feedback loop pattern

**When to use scripts**:
- Deterministic operations that must be consistent
- Complex parsing or data transformation
- Validation and quality checks

### References (`references/`)

On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.

- `EXAMPLE.md` - Template for reference documentation with security standards sections
- `WORKFLOW_CHECKLIST.md` - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)

**When to use references**:
- Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
- Advanced configuration options
- Language-specific patterns
- Content exceeding 100 lines

### Assets (`assets/`)

Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.

- `ci-config-template.yml` - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection
- `rule-template.yaml` - Security rule template with OWASP/CWE mappings and remediation guidance

**When to use assets**:
- Configuration templates
- Policy templates
- Boilerplate secure code
- CI/CD pipeline examples

## Common Patterns

### Pattern 1: [Pattern Name]

Description and example of common usage pattern.

### Pattern 2: [Pattern Name]

Additional patterns as needed.

## Integration Points

- **CI/CD**: How this integrates with build pipelines
- **Security Tools**: Compatible security scanning/monitoring tools
- **SDLC**: Where this fits in the secure development lifecycle

## Troubleshooting

### Issue: [Common Problem]

**Solution**: Steps to resolve.

## References

- [Tool Documentation](https://example.com)
- [Security Framework](https://owasp.org)
- [Compliance Standard](https://example.com)