secure-agent-playbook

github.com/OWASP/secure-agent-playbook

Skill

securability-engineering

Meta-skill that wraps code generation to enforce OWASP FIASSE securable coding attributes and principles. Use when generating, scaffolding, or refactoring code so that the output is engineered to be inherently securable by default. Applies the nine SSEM attributes (Analyzability, Modifiability, Testability, Confidentiality, Accountability, Authenticity, Availability, Integrity, Resilience), the Transparency principle, and OWASP FIASSE defensive coding practices to every code generation task. Invoke this skill alongside or instead of raw code generation when the user asks for secure code, securable code, FIASSE-compliant code, or when generating security-sensitive components (auth, input handling, data access, API endpoints, trust boundaries).

your-skill-name

Replace with a clear description of what this skill does and when Claude should use it.

ai-security-verification

Comprehensive AI security verification using the OWASP AI Security Verification Standard (AISVS) framework. Provides a structured checklist to verify security and ethical considerations across 13 categories of AI-driven applications, from training data governance to human oversight.

multi-agentic-threat-model

Comprehensive threat modeling for multi-agent systems using the CSA MAESTRO 7-layer framework and the OWASP Multi-Agentic System Threat Modeling Guide v1.0. Systematically analyzes threats across all architectural layers, from foundation models to agent ecosystems.

code-review-security

Security-focused code review mapped to OWASP Top 10 and ASVS. Use when reviewing pull requests, auditing files or modules for vulnerabilities, or performing pre-merge security gate checks. Covers injection, auth, authorization, cryptography, data exposure, misconfiguration, and deserialization.

secrets-scan

Detect hardcoded credentials, API keys, tokens, and secrets in source code and configuration files. Use when reviewing code for leaked secrets before commit/merge, auditing a repository for credential exposure, or setting up secret detection.

mcp-server-review

Security review of MCP (Model Context Protocol) server implementations and configurations. Use when auditing MCP server source code, evaluating third-party MCP servers before installation, or reviewing Claude Code MCP integrations for overpermissioning, injection risks, and data exposure.

security-guidance

Security-first development guidance based on OWASP ASVS (Application Security Verification Standard). Use this skill automatically when planning or implementing any code that touches user input, authentication, data persistence, network communication, file I/O, cryptography, or access control. This skill ensures all generated code adheres to industry-standard security practices with explicit references to applied guidance.

sca-audit

Scan project dependencies for known vulnerabilities (CVEs). Use when reviewing dependency files (package.json, requirements.txt, go.mod, pom.xml, Gemfile, Cargo.toml, etc.), triaging Dependabot/Renovate alerts, or performing pre-deployment security checks.