security
SKILL.md
Security Skill
Purpose: Run repeatable security checks across code, scripts, hooks, and release gates.
Use this skill when you need deterministic security validation before merge/release, or recurring scheduled checks.
Quick Start
/security # quick security gate
/security --full # full gate with test-inclusive toolchain checks
/security --release # full gate for release readiness
/security --json # machine-readable report output
Execution Contract
1) Pre-PR (fast)
Run quick gate:
scripts/security-gate.sh --mode quick
Expected behavior:
- Fails on high/critical findings from available scanners.
- Writes artifacts under
.agents/security/<run-id>/.
2) Pre-Release (strict)
Run full gate:
scripts/security-gate.sh --mode full
Expected behavior:
- Full scanner pass before release workflow can continue.
- Artifacts retained for audit and incident response.
3) Nightly (continuous)
Nightly workflow should run:
scripts/security-gate.sh --mode full
Expected behavior:
- Detects drift/regressions outside active PR windows.
- Failing run creates actionable signal in workflow summary/issues.
Triage Guidance
When gate fails:
- Open latest artifact in
.agents/security/and identify scanner + file. - Classify severity (critical/high/medium).
- Fix immediately for critical/high or create tracked follow-up issue with owner.
- Re-run
scripts/security-gate.shuntil gate passes.
Reporting Template
Security gate run: <run-id>
Mode: <quick|full>
Result: <pass|blocked>
Top findings:
- <scanner> <severity> <file> <summary>
Actions:
- <fix or issue id>
Notes
- Use this as the canonical security runbook instead of ad-hoc scanner commands.
- Keep workflow wiring aligned with this contract in:
.github/workflows/validate.yml.github/workflows/nightly.yml.github/workflows/release.yml
Weekly Installs
8
Repository
boshu2/agentopsFirst Seen
1 day ago
Security Audits
Installed on
mcpjam8
claude-code8
replit8
junie8
windsurf8
zencoder8