security-auth
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
16 stars
Best use case
security-auth is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
Teams using security-auth should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/security-auth/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/security-auth/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security-auth/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security-auth Compares
| Feature / Agent | security-auth | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security & Authentication Specialist - Complete Security Engineering Workflow
## Overview
This skill provides end-to-end security and authentication services by orchestrating security architects, identity specialists, and compliance experts. It transforms security requirements into production-ready authentication and authorization systems with comprehensive threat protection, compliance adherence, and security monitoring.
**Key Capabilities:**
- 🔐 **Multi-Layer Security Architecture** - Authentication, authorization, and threat protection systems
- 🛡️ **Identity & Access Management** - User authentication, role-based access, and privilege management
- 📊 **Compliance & Auditing** - Regulatory compliance, security auditing, and reporting
- 🔧 **Security Integration** - Seamless integration with existing systems and third-party security services
- 📋 **Threat Protection** - Proactive threat detection, prevention, and incident response
## When to Use This Skill
**Perfect for:**
- Authentication system design and implementation
- Authorization framework development and RBAC implementation
- Security compliance and auditing requirements
- Threat protection and security monitoring setup
- Identity management system integration
- Security assessment and vulnerability management
**Triggers:**
- "Implement authentication and authorization for [application]"
- "Design security architecture for [system]"
- "Set up identity and access management"
- "Implement compliance and security auditing"
- "Create threat protection and monitoring system"
## Security Expert Panel
### **Security Architect** (System Security Design)
- **Focus**: Security architecture, threat modeling, security patterns
- **Techniques**: Zero-trust architecture, defense-in-depth, security frameworks
- **Considerations**: Security by design, attack surface reduction, security controls
### **Identity Specialist** (Authentication & Authorization)
- **Focus**: Authentication systems, identity management, access control
- **Techniques**: OAuth 2.0, OpenID Connect, JWT, SAML, RBAC/ABAC
- **Considerations**: User experience, security requirements, scalability
### **Compliance Expert** (Regulatory & Auditing)
- **Focus**: Regulatory compliance, security auditing, risk assessment
- **Techniques**: SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS compliance
- **Considerations**: Legal requirements, audit trails, documentation
### **Threat Analyst** (Security Monitoring & Response)
- **Focus**: Threat detection, incident response, security monitoring
- **Techniques**: SIEM systems, threat intelligence, security analytics
- **Considerations**: Real-time detection, response procedures, forensic analysis
### **Cryptographic Specialist** (Encryption & Data Protection)
- **Focus**: Encryption implementation, key management, data protection
- **Techniques**: AES, RSA, TLS/SSL, hash functions, digital signatures
- **Considerations**: Key lifecycle management, performance impact, compliance
## Security Implementation Workflow
### Phase 1: Security Requirements Analysis & Threat Modeling
**Use when**: Starting security implementation or security assessment
**Tools Used:**
```bash
/sc:analyze security-requirements
Security Architect: threat modeling and risk assessment
Compliance Expert: regulatory requirement analysis
Threat Analyst: attack surface analysis
```
**Activities:**
- Analyze security requirements and threat landscape
- Identify compliance requirements and regulatory constraints
- Perform threat modeling and attack surface analysis
- Define security policies and procedures
- Plan security architecture and control implementation
### Phase 2: Authentication System Design & Implementation
**Use when**: Designing and implementing authentication systems
**Tools Used:**
```bash
/sc:design --type authentication auth-system
Identity Specialist: authentication framework design
Cryptographic Specialist: secure credential management
Security Architect: authentication security controls
```
**Activities:**
- Design authentication architecture and user identity flows
- Implement secure credential storage and management
- Create multi-factor authentication (MFA) systems
- Design session management and token-based authentication
- Implement password policies and secure recovery mechanisms
### Phase 3: Authorization Framework & Access Control
**Use when**: Implementing authorization and access control systems
**Tools Used:**
```bash
/sc:design --type authorization rbac-system
Identity Specialist: role-based access control implementation
Security Architect: privilege management design
Compliance Expert: access control auditing
```
**Activities:**
- Design role-based access control (RBAC) or attribute-based access control (ABAC)
- Implement fine-grained permissions and privilege management
- Create access control policies and enforcement mechanisms
- Design admin interfaces for user and permission management
- Implement access request and approval workflows
### Phase 4: Security Integration & API Protection
**Use when**: Integrating security controls and protecting APIs
**Tools Used:**
```bash
/sc:implement security-integration
Security Architect: API security and integration
Cryptographic Specialist: encryption and data protection
Threat Analyst: input validation and sanitization
```
**Activities:**
- Implement API authentication and authorization middleware
- Create input validation and output encoding mechanisms
- Implement rate limiting and DDoS protection
- Set up CORS policies and secure headers
- Integrate with third-party security services and tools
### Phase 5: Compliance & Auditing Implementation
**Use when**: Ensuring regulatory compliance and security auditing
**Tools Used:**
```bash
/sc:implement compliance-auditing
Compliance Expert: compliance framework implementation
Security Architect: security monitoring and logging
Threat Analyst: audit trail and forensics
```
**Activities:**
- Implement comprehensive audit logging and monitoring
- Create compliance reporting and documentation
- Set up security incident tracking and reporting
- Implement data retention and deletion policies
- Create security dashboards and compliance metrics
### Phase 6: Threat Protection & Security Monitoring
**Use when**: Setting up proactive threat detection and response
**Tools Used:**
```bash
/sc:implement threat-protection
Threat Analyst: security monitoring and detection
Security Architect: incident response procedures
Compliance Expert: security metrics and reporting
```
**Activities:**
- Implement security information and event management (SIEM)
- Set up real-time threat detection and alerting
- Create incident response procedures and playbooks
- Implement security analytics and anomaly detection
- Design security metrics and KPI tracking
## Integration Patterns
### **SuperClaude Command Integration**
| Command | Use Case | Output |
|---------|---------|--------|
| `/sc:design --type authentication` | Authentication system | Complete auth architecture |
| `/sc:design --type authorization` | Authorization framework | RBAC/ABAC implementation |
| `/sc:implement security` | Security controls | Production-ready security |
| `/sc:analyze threats` | Threat analysis | Threat model and mitigation |
| `/sc:implement compliance` | Compliance | Regulatory compliance system |
### **Security Framework Integration**
| Framework | Role | Capabilities |
|-----------|------|------------|
| **OWASP Top 10** | Security standards | Comprehensive vulnerability protection |
| **NIST Cybersecurity** | Security framework | Complete security program implementation |
| **ISO 27001** | Compliance management | Information security management system |
| **Zero Trust** | Security model | Zero-trust architecture implementation |
### **MCP Server Integration**
| Server | Expertise | Use Case |
|--------|----------|---------|
| **Sequential** | Security reasoning | Complex security analysis and design |
| **Better Auth** | Authentication | Modern authentication implementation |
| **Web Search** | Threat intelligence | Latest security threats and vulnerabilities |
## Usage Examples
### Example 1: Complete Authentication System
```
User: "Implement a secure authentication system for our SaaS application with MFA and SSO support"
Workflow:
1. Phase 1: Analyze security requirements and compliance needs
2. Phase 2: Design OAuth 2.0/OpenID Connect authentication system
3. Phase 3: Implement RBAC with fine-grained permissions
4. Phase 4: Integrate with SSO providers and MFA services
5. Phase 5: Set up audit logging and compliance reporting
6. Phase 6: Implement threat detection and security monitoring
Output: Production-ready authentication system with enterprise-grade security
```
### Example 2: Security Compliance Implementation
```
User: "Implement SOC 2 compliance for our financial services platform"
Workflow:
1. Phase 1: Analyze SOC 2 requirements and current security posture
2. Phase 2: Design security controls to meet SOC 2 criteria
3. Phase 3: Implement access controls and audit trails
4. Phase 4: Set up security monitoring and incident response
5. Phase 5: Create compliance documentation and reporting
6. Phase 6: Implement continuous compliance monitoring
Output: SOC 2 compliant security framework with comprehensive audit capabilities
```
### Example 3: API Security Implementation
```
User: "Secure our REST API with proper authentication, authorization, and threat protection"
Workflow:
1. Phase 1: Analyze API security requirements and threat model
2. Phase 2: Design JWT-based authentication and authorization
3. Phase 3: Implement API gateway with security controls
4. Phase 4: Add rate limiting, input validation, and encryption
5. Phase 5: Set up API security monitoring and logging
6. Phase 6: Implement API security testing and validation
Output: Secure API with comprehensive protection against common attacks
```
## Quality Assurance Mechanisms
### **Multi-Layer Security Validation**
- **Security Architecture Review**: Comprehensive security design validation
- **Penetration Testing**: Automated and manual security testing
- **Compliance Validation**: Regulatory compliance verification
- **Threat Assessment**: Ongoing threat analysis and mitigation
### **Automated Security Checks**
- **Vulnerability Scanning**: Automated security vulnerability detection
- **Compliance Monitoring**: Continuous compliance checking and reporting
- **Security Testing**: Automated security test execution and validation
- **Access Control Validation**: Permission and access right verification
### **Continuous Security Improvement**
- **Security Metrics**: Ongoing security performance tracking
- **Threat Intelligence**: Continuous threat monitoring and adaptation
- **Security Training**: Security awareness and best practices
- **Incident Learning**: Post-incident analysis and improvement
## Output Deliverables
### Primary Deliverable: Complete Security System
```
security-system/
├── authentication/
│ ├── providers/ # Authentication provider implementations
│ ├── middleware/ # Auth middleware and guards
│ ├── tokens/ # Token generation and validation
│ └── sessions/ # Session management
├── authorization/
│ ├── rbac/ # Role-based access control
│ ├── permissions/ # Permission definitions
│ ├── policies/ # Access control policies
│ └── admin/ # Admin interfaces
├── security/
│ ├── encryption/ # Encryption utilities
│ ├── validation/ # Input validation and sanitization
│ ├── headers/ # Security headers and CORS
│ └── rate-limiting/ # Rate limiting and DDoS protection
├── compliance/
│ ├── audit-logs/ # Audit logging and tracking
│ ├── reports/ # Compliance reports
│ ├── policies/ # Security policies and procedures
│ └── documentation/ # Compliance documentation
├── monitoring/
│ ├── siem/ # Security information and event management
│ ├── alerts/ # Security alerts and notifications
│ ├── dashboards/ # Security monitoring dashboards
│ └── incident-response/ # Incident response procedures
└── config/
├── development/ # Development security config
├── staging/ # Staging security config
└── production/ # Production security config
```
### Supporting Artifacts
- **Security Architecture Documentation**: Detailed security design and implementation
- **Compliance Reports**: Regulatory compliance status and documentation
- **Security Policies**: Comprehensive security policies and procedures
- **Threat Models**: Detailed threat analysis and mitigation strategies
- **Incident Response Plans**: Security incident handling procedures
## Advanced Features
### **Intelligent Threat Detection**
- AI-powered threat detection and analysis
- Behavioral anomaly detection and user behavior analytics
- Real-time threat intelligence integration
- Automated incident response and containment
### **Zero Trust Implementation**
- Comprehensive zero-trust security architecture
- Continuous authentication and authorization
- Micro-segmentation and least privilege access
- Device and location-based access controls
### **Compliance Automation**
- Automated compliance checking and reporting
- Continuous compliance monitoring and alerts
- Automated evidence collection for audits
- Regulatory requirement tracking and management
### **Security Analytics**
- Advanced security analytics and reporting
- Security metrics and KPI tracking
- Risk assessment and scoring
- Security posture analysis and improvement
## Troubleshooting
### Common Security Implementation Challenges
- **Authentication Issues**: Use proper token validation and secure session management
- **Authorization Problems**: Implement clear permission models and regular access reviews
- **Compliance Gaps**: Conduct regular compliance assessments and documentation updates
- **Security Vulnerabilities**: Implement continuous security testing and vulnerability management
### Integration and Operational Issues
- **Third-party Integration**: Use standard protocols and proper error handling
- **Performance Impact**: Optimize security controls and implement caching where appropriate
- **User Experience**: Balance security requirements with user-friendly interfaces
- **Security Monitoring**: Implement comprehensive logging and alerting systems
## Best Practices
### **For Authentication Design**
- Use industry-standard protocols (OAuth 2.0, OpenID Connect, SAML)
- Implement multi-factor authentication for sensitive operations
- Use secure token storage and proper session management
- Implement proper password policies and secure recovery mechanisms
### **For Authorization Implementation**
- Follow principle of least privilege
- Implement role-based or attribute-based access control
- Regularly review and update access permissions
- Implement proper audit trails for access control changes
### **For Security Compliance**
- Stay updated with regulatory requirements and industry standards
- Implement comprehensive audit logging and documentation
- Conduct regular security assessments and penetration testing
- Maintain up-to-date security policies and procedures
### **For Threat Protection**
- Implement defense-in-depth security architecture
- Use automated security monitoring and threat detection
- Maintain incident response procedures and conduct regular drills
- Stay informed about latest security threats and vulnerabilities
---
This security and authentication skill transforms the complex process of security system implementation into a guided, expert-supported workflow that ensures comprehensive protection, regulatory compliance, and operational excellence.Related Skills
telecom-security
16
from diegosouzapw/awesome-omni-skill
Assess telecommunications infrastructure security including VoIP/SIP, SS7/Diameter, cellular networks, SMS-based authentication, and telephony-integrated applications. Identifies vulnerabilities in phone-based verification, call routing, and telecom protocol implementations. Use when auditing SMS 2FA, VoIP systems, IVR applications, or any telephony-dependent security controls.
tauri-security-rules
16
from diegosouzapw/awesome-omni-skill
Security-related rules for Tauri application development.
sqlserver-security
16
from diegosouzapw/awesome-omni-skill
Audits and hardens SQL Server security including login management, permission reviews, TDE encryption, SQL Server Audit configuration, and surface area reduction. Use when performing security reviews, setting up new instances, responding to security incidents, or preparing for compliance audits.
spring-security
16
from diegosouzapw/awesome-omni-skill
Spring Security 6 patterns for authentication, authorization, and OAuth2
solidity-security
16
from diegosouzapw/awesome-omni-skill
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementin...
software-security-appsec
16
from diegosouzapw/awesome-omni-skill
Modern application security patterns aligned with OWASP Top 10 (2021) and OWASP Top 10:2025 Release Candidate, OWASP API Security Top 10 (2023), NIST SSDF, zero trust, supply chain security, authentication, authorization, input validation, and cryptography.
smoke-test-authenticated-api-routes
16
from diegosouzapw/awesome-omni-skill
Create a minimal smoke-test plan for authenticated API routes (happy path, one negative case, and persistence checks).
slack-auth-security
16
from diegosouzapw/awesome-omni-skill
OAuth flows, token management, and security best practices for Slack apps. Use when implementing app distribution, multi-workspace installations, token storage and rotation, managing scopes and permissions, or securing production Slack applications.
skill-authoring
16
from diegosouzapw/awesome-omni-skill
Create high-quality skills: scoped, procedural, and durable. Prefer updates over duplicates. Use when working with SKILL.md files, authoring new skills, improving existing skills, or understanding skill structure and best practices.
skill-author
16
from diegosouzapw/awesome-omni-skill
Expertise in authoring Agent Skills according to the open standard. Use when the user asks to "create a skill".
securitytrails-automation
16
from diegosouzapw/awesome-omni-skill
Automate Securitytrails tasks via Rube MCP (Composio). Always search tools first for current schemas.
security
16
from diegosouzapw/awesome-omni-skill
Use this skill when designing or reviewing systems where security is a concern - authentication, authorization, data protection, input handling, or any system processing untrusted input. Applies adversarial thinking to specifications, designs, and implementations.