ecosystem-security
Security Ecosystem
This ecosystem ensures the security of the Agent Platform and all skills within it across three layers: pre-deployment audit, runtime protection, and continuous adaptive defense. Two core skills complement each other — one audits the skills, the other inspects the messages.
Ecosystem Map
PRE-DEPLOYMENT RUNTIME LEARNING
────────────── ───────────── ──────────
security-auditor → adaptive-guard → Rule engine
│ │ update
│ Audit │ K0-K4 │
│ Trust Score │ Gradual filter │ async
│ Guard rules │ LLM Judge │
▼ ▼ ▼
security-report.md guard-decision.json learned-rules.md
trust-score.md incident-report.md guard-metrics.md
Skill Catalog
🔍 security-auditor
What it does: Statically analyzes a SKILL.md file, detects security vulnerabilities, assigns a trust score, and generates runtime guard rules. Modes: Audit (static analysis) · Trust (authorization mapping) · Guard rule generation Input: A SKILL.md file or the entire ecosystem directory Output: security-report.md · trust-score.md · runtime-violations.md Triggers: When a new skill is written, updated, or prior to production deployment Next skill: adaptive-guard (receives the generated guard rules) Dependency: None — starting point
🛡️ adaptive-guard
What it does: Passes every incoming message through a 5-tier filter. Gradually deepens from K0 (cache) to K4 (human approval). Synthesizes generalized new rules from every detected attack. Adds less than 50ms latency to the main workflow. Modes: Realtime Guard · Learning Engine · Performance Monitoring Input: Incoming message + user profile + active rule set Output: guard-decision.json · learned-rules.md · guard-metrics.md Triggers: On every incoming message (automatic) · On attack detection Dependency: Guard rules generated by security-auditor (optional, operates with default rules if absent)
Skill Relationship Matrix
| security-auditor | adaptive-guard | |
|---|---|---|
| security-auditor | — | Feeds Guard rules |
| adaptive-guard | Sends rule updates | — |
Data Flow:
security-auditor audit output
→ trust-score.md (used by adaptive-guard as trust threshold)
→ security-report.md (added to adaptive-guard K1 rules)
adaptive-guard attack detection
→ incident-report.md (appended to security-auditor's next audit)
→ learned-rules.md (feedback loop to K1 static rules)
Supported Platforms
| Platform | security-auditor | adaptive-guard |
|---|---|---|
| Claude Code / claude.ai | ✅ Full | ✅ Full |
| Telegram Agent | ✅ Audit | ✅ K0-K3 |
| WhatsApp Agent | ✅ Audit | ✅ K0-K3 |
| CI/CD Pipeline | ✅ Audit | ⚠️ K0-K1 (speed-focused) |
| Local Dev | ✅ Full | ✅ K0-K2 (ML optional) |
Ecosystem Trigger Conditions
/security-ecosystem → Full ecosystem
@ecosystem-security → Triggers the orchestrator
Automatic triggers:
When a new skill is added → security-auditor (Audit + Trust)
When a message arrives → adaptive-guard (always)
When a skill is updated → security-auditor (re-audit)
When an attack is detected → Both (incident + rule update)
Ecosystem Metadata
start_point: security-auditor
runtime_skill: adaptive-guard
always_active: [adaptive-guard]
pre_deploy_mandatory: [security-auditor]
can_run_parallel: false # dependent on each other, sequential
security_level: critical
performance_impact: low # 50ms target
Expansion Roadmap
Skills to be added:
| Skill | Priority | Status |
|---|---|---|
| skill-integrity-checker | High | Planned |
| content-sanitizer | High | Planned |
| tool-call-auditor | Medium | Planned |
| behavioral-baseline | Medium | Research |
| chain-shadow-detector | Low | Research |
More from fatih-developer/fth-skills
task-decomposer
Break down large, complex, or ambiguous tasks into independent subtasks with dependency maps, execution order, and success criteria. Plan first, then execute step by step. Triggers on 'how should I do this', 'where do I start', 'plan the project', 'break it down', 'implement' or whenever a task involves multiple phases.
24context-compressor
Compress long conversation histories, large code files, research results, and documents by 70% without losing critical information. Triggers when context window fills up, when summarizing previous steps in multi-step tasks, before loading large files into context, or on 'summarize', 'compress', 'reduce context', 'save tokens'.
18multi-brain-debate
Two-round debate protocol where perspectives challenge each other before consensus. Round 1 presents independent positions, Round 2 allows counter-arguments and rebuttals. Produces battle-tested decisions for high-stakes choices.
17multi-brain-score
Confidence scoring overlay for multi-brain decisions. Each perspective rates its own confidence (1-10) with justification. Consensus uses scores as weights, flags low-confidence areas, and surfaces uncertainty explicitly.
15checkpoint-guardian
Automatic risk assessment before every critical action in agentic workflows. Detects irreversible operations (file deletion, database writes, deployments, payments), classifies risk level, and requires confirmation before proceeding. Triggers on destructive keywords like deploy, delete, send, publish, update database, process payment.
14parallel-planner
Analyze multi-step tasks to identify which steps can run in parallel, build dependency graphs, detect conflicts (write-write, read-write, resource contention), and produce optimized execution plans. Triggers on 3+ independent steps, 'speed up', 'run simultaneously', 'parallelize', 'optimize' or any task where sequential execution wastes time.
14