security-specialist

Security specialist. Focuses on application security, threat modeling, security compliance, and data protection. Provides security reviews, vulnerability scanning, secure configuration, and compliance checks. Use it to build secure and reliable application systems.

16 stars

Best use case

security-specialist is best used when you need a repeatable AI agent workflow instead of a one-off prompt.


Teams using security-specialist should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/security-specialist/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/ai-agents/security-specialist/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-specialist/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-specialist Compares

| Feature / Agent         | security-specialist | Standard Approach |
|-------------------------|---------------------|-------------------|
| Platform Support        | Not specified       | Limited / Varies  |
| Context Awareness       | High                | Baseline          |
| Installation Complexity | Unknown             | N/A               |

Frequently Asked Questions

What does this skill do?

Security specialist. Focuses on application security, threat modeling, security compliance, and data protection. Provides security reviews, vulnerability scanning, secure configuration, and compliance checks. Use it to build secure and reliable application systems.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Specialist

Goal: identify and eliminate high-risk security issues (P0) and establish a minimum viable security baseline (authentication / authorization / input validation / secret management / secure configuration / log redaction).

To stay within the community-recommended limit of 500 lines for `SKILL.md`, the OWASP Top 10 details, code examples, and CI scan configuration have been moved to `awesome-code/agents/security-specialist/references/legacy-skill-full.md`.

## When to use

- The system has attack surface such as authentication/authorization, payments, user data, file uploads, or an admin back-end
- You need a security review, threat model, compliance check, or a pre-release security gate
- There is a suspected injection, broken access control, sensitive data leak, vulnerable dependency, or misconfiguration

## Inputs

- Assets and data: which data is sensitive? How is it stored and transmitted?
- Attack surface: entry points (API / UI / task queues / files / third-party callbacks) and trust boundaries
- Runtime environment: cloud / K8s / traditional deployment; how secrets are injected
- Existing baseline: authentication scheme, logging, monitoring, dependency management

## Outputs

- Risk list (P0/P1/P2) + reproduction steps (optional) + remediation advice (actionable)
- Minimal security fix patch: input validation, parameterized queries, permission checks, secret migration, redacted logging
- Security baseline recommendations: dependency scanning / static scanning / image scanning / security headers

## Workflow

1. Threat modeling (lightweight)
   - List entry points, identities, critical data, and trust boundaries
   - Use STRIDE to enumerate threats quickly; prioritize paths that are remotely exploitable

2. OWASP Top 10 baseline check (P0 first)
   - Broken access control, injection, cryptographic failures, sensitive data exposure, misconfiguration

3. Remediation strategy
   - First close the exploit chain: authentication / authorization / input validation / secure configuration
   - Then add traceability: (redacted) logging + alerting + regression tests

4. Security gate (optional)
   - Dependency vulnerability scanning + static scanning + (container/image) scanning

## Hard security requirements

- No key, token, or certificate may ever be written into the repository or into logs
- All external input must be validated and normalized (including paths, URLs, and file names)
- Authorization must be enforced on the server side (never trust the front end)
- Every fix must ship with minimal verification (regression test / reproduction script / manual steps)
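The three code-level requirements above (secrets kept out of logs, external input normalized before use, authorization enforced server-side) are shown together in the following added example. It is not part of the original SKILL.md or of the awesome-omni-skill project; the upload root, the in-memory document store, the `Principal`/`Document` types and the regular expressions are assumptions constructed for illustration.

```python
"""Added example (hypothetical names): input normalization, server-side
authorization and log redaction, as required by the skill's hard rules."""
import re
import unicodedata
from dataclasses import dataclass
from pathlib import Path, PurePosixPath

# Hypothetical upload root; a real service reads this from configuration.
UPLOAD_ROOT = Path("/srv/uploads")
# One safe path component: alphanumeric start, then a bounded safe charset.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def normalize_filename(raw: str) -> str:
    """Reduce an untrusted file name to a single safe path component.

    Rejects instead of silently repairing, so the caller fails the request
    rather than guessing what the user meant.
    """
    name = unicodedata.normalize("NFKC", raw).strip()
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    # Any directory part (POSIX or Windows separators) is an error.
    if PurePosixPath(name).name != name or "\\" in name:
        raise ValueError("file name must not contain path separators")
    if name in (".", "..") or not _SAFE_NAME.fullmatch(name):
        raise ValueError("file name contains disallowed characters")
    return name


def resolve_under_root(root: Path, user_id: int, filename: str) -> Path:
    """Build the on-disk path and prove it stays inside the per-user directory."""
    user_dir = (root / str(user_id)).resolve()
    target = (user_dir / normalize_filename(filename)).resolve()
    # resolve() follows symlinks, so a link pointing outside is caught here.
    if target.parent != user_dir:
        raise ValueError("resolved path escaped the user directory")
    return target


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int


@dataclass(frozen=True)
class Principal:
    user_id: int          # taken from the verified session, never from the request body
    roles: frozenset


class Forbidden(Exception):
    pass


# Constructed in-memory store standing in for a database table.
_DOCS = {1: Document(1, owner_id=42), 2: Document(2, owner_id=7)}


def load_document(principal: Principal, doc_id: int) -> Document:
    """Authorize on the server using the authenticated principal only."""
    doc = _DOCS.get(doc_id)
    # Same error for "missing" and "not yours": does not reveal existence.
    if doc is None:
        raise Forbidden(f"document {doc_id} not accessible")
    if doc.owner_id != principal.user_id and "admin" not in principal.roles:
        raise Forbidden(f"document {doc_id} not accessible")
    return doc


# Bearer tokens and API keys in query strings or headers; extend per service.
_SECRET_PATTERN = re.compile(
    r"(?i)(authorization:\s*bearer\s+|api[_-]?key=|token=)([^\s&]+)"
)


def redact(line: str) -> str:
    """Mask secret values before a line reaches the log sink."""
    return _SECRET_PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", line)


if __name__ == "__main__":
    print(resolve_under_root(UPLOAD_ROOT, 42, "report.pdf"))
    print(load_document(Principal(42, frozenset()), 1))
    print(redact("GET /export?api_key=abc123 Authorization: Bearer eyJ.sig"))
```

Wire `redact` into the logging formatter (or a `logging.Filter`) rather than calling it at each log site, so a forgotten call cannot leak a token; and keep `load_document` as the only read path so that the authorization check cannot be bypassed by a second query helper.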

Related Skills

PowerShell Scripting for Security

16
from diegosouzapw/awesome-omni-skill

This skill should be used when the user asks to "write PowerShell scripts", "automate security tasks with PowerShell", "create PowerShell functions", "work with PowerShell modules", "parse data with PowerShell", or "build security automation scripts". It provides comprehensive PowerShell scripting fundamentals for security professionals.

power-bi-security-rls-best-practices

16
from diegosouzapw/awesome-omni-skill

Comprehensive Power BI Row-Level Security (RLS) and advanced security patterns implementation guide with dynamic security, best practices, and governance strategies. Triggers on: **/*.{pbix,dax,md,txt,json,csharp,powershell}

agent-seo-specialist

16
from diegosouzapw/awesome-omni-skill

Expert SEO strategist specializing in technical SEO, content optimization, and search engine rankings. Masters both on-page and off-page optimization, structured data implementation, and performance metrics to drive organic traffic and improve search visibility.

abm-specialist

16
from diegosouzapw/awesome-omni-skill

ABM expert. Use for account-based marketing, target account selection, and personalized campaigns.

symfony:api-platform-security

16
from diegosouzapw/awesome-omni-skill

Use when symfony api platform security

Model Bom Security

16
from diegosouzapw/awesome-omni-skill

AI Supply Chain Security extends beyond IoT device security (Skill 76-80) and LLM Security (Skill 123) to secure the entire software and AI model supply chain, from training data to deployed models.

Iot Security

16
from diegosouzapw/awesome-omni-skill

IoT security protects devices, data, and networks from cyber threats. This guide covers authentication, encryption, secure boot, and compliance for securing IoT deployments at scale with proper device

cc-skill-security-review

16
from diegosouzapw/awesome-omni-skill

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist a...

bullmq-specialist

16
from diegosouzapw/awesome-omni-skill

BullMQ expert for Redis-backed job queues, background processing, and reliable async execution in Node.js/TypeScript applications. Use when: bullmq, bull queue, redis queue, background job, job queue.

backend-security-coder

16
from diegosouzapw/awesome-omni-skill

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

api-security-testing

16
from diegosouzapw/awesome-omni-skill

API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.

api-security-enforcer

16
from diegosouzapw/awesome-omni-skill

Apply rate limiting, input validation, and injection defenses.