Best use case
Security Specialist is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
专注于应用安全、认证授权与合规性。
Teams using Security Specialist should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/07-security-specialist/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Security Specialist Compares
| Feature / Agent | Security Specialist | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
专注于应用安全、认证授权与合规性。
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Specialist Skills
## 🤖 智能体与 MCP 增强 (Agent & MCP Enhancements)
本 Skill 支持并推荐配合特定的智能体角色和 MCP 工具使用,以获得最佳效果。
### 推荐智能体角色
* **Security Auditor**: 详见 [AGENTS.md](AGENTS.md)。
* 该角色具备“零信任”和“攻击者视角”,能够主动发现潜在风险。
* 启用后,AI 将强制执行 OWASP 安全检查清单。
### 推荐 MCP 工具
* **Git MCP**: 用于扫描历史提交中的敏感信息泄露。
* **Filesystem MCP**: 用于检查文件权限和 `.gitignore` 配置。
---
提供全方位的安全保障,确保应用符合安全标准与法规。
## 包含的技能模块
### 1. [安全需求提取 (Security Requirements)](./安全需求提取.md)
- **核心价值**: 在设计阶段识别安全风险。
- **关键技术**: 威胁建模, STRIDE 分析, 安全用户故事.
- **使用场景**: 新功能安全评审、架构设计。
### 2. [认证实现模式 (Authentication)](./认证实现模式.md)
- **核心价值**: 实现安全可靠的用户身份验证。
- **关键技术**: JWT, OAuth2, OIDC, Session 管理.
- **使用场景**: 登录注册系统开发、第三方登录集成。
### 3. [GDPR 数据处理 (GDPR Compliance)](./GDPR数据处理.md)
- **核心价值**: 确保数据处理符合 GDPR 等隐私法规。
- **关键技术**: 数据最小化, 被遗忘权实现, 数据加密.
- **使用场景**: 出海应用开发、隐私合规审计。
## 如何使用
- **登录设计**: "请参考认证实现模式,帮我设计一个安全的 JWT 登录流程。"
- **合规检查**: "请检查我的数据库字段设计是否符合 GDPR 要求。"Related Skills
adk-deployment-specialist
Deploy and orchestrate Vertex AI ADK agents using A2A protocol. Manages AgentCard discovery, task submission, Code Execution Sandbox, and Memory Bank. Use when asked to "deploy ADK agent" or "orchestrate agents". Trigger with phrases like 'deploy', 'infrastructure', or 'CI/CD'.
account-security
Account security - MFA, sessions, recovery. Use when protecting user accounts.
account-security-validation
Validate account security and authentication protocols.
abstract-algebra-specialist
Expert in groups, rings, fields, and algebraic structures with applications to cryptography and number theory
abm-specialist
Эксперт ABM. Используй для account-based marketing, target account selection и personalized campaigns.
a11y-specialist
Expert in web accessibility (WCAG 2.1/2.2 AA/AAA compliance), ARIA patterns, keyboard navigation, screen reader testing, color contrast, focus management, and automated accessibility testing
Build Your Cloud Security Skill
Create your cloud security skill in one prompt, then learn to improve it throughout the chapter
security
Protect your SaaS app from common vulnerabilities. Use when building auth, handling user data, or deploying features. Covers authentication, data protection, API security, and OWASP Top 10 for non-technical founders using AI tools.
vly-money
Generate crypto payment links for supported tokens and networks, manage access to X402 payment-protected content, and provide direct access to the vly.money wallet interface.
modal-deployment
Run Python code in the cloud with serverless containers, GPUs, and autoscaling using Modal. This skill enables agents to generate code for deploying ML models, running batch jobs, serving APIs, and scaling compute-intensive workloads.
ux
This AI agent skill provides comprehensive guidance for creating professional and insightful User Experience (UX) designs, covering user research, information architecture, interaction design, visual guidance, and usability evaluation. It aims to produce actionable, user-centered solutions that avoid generic AI aesthetics.
astro
This skill provides essential Astro framework patterns, focusing on server-side rendering (SSR), static site generation (SSG), middleware, and TypeScript best practices. It helps AI agents implement secure authentication, manage API routes, and debug rendering behaviors within Astro projects.