Skills
skills/rand/cc-polymath/discover-security

discover-security

SKILL.md

Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:

  • Authentication and authorization systems
  • Input validation and sanitization
  • Security headers (CSP, HSTS, CORS)
  • Vulnerability scanning and penetration testing
  • OWASP Top 10 vulnerabilities
  • Secrets management (Vault, AWS Secrets Manager)
  • SQL injection, XSS, or other attack prevention
  • Security hardening and compliance
  • Password hashing and credential management
  • API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:

  1. authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
  2. authorization - Access control (RBAC, ABAC, policy engines, permissions)
  3. input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
  4. security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
  5. vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
  6. secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:

Read ../security/INDEX.md

This loads the full Security category index with:

  • Detailed skill descriptions
  • Usage triggers for each skill
  • Common workflow combinations
  • Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

Identity and access

Read ../security/authentication.md Read ../security/authorization.md

Input security

Read ../security/input-validation.md Read ../security/security-headers.md

Security operations

Read ../security/vulnerability-assessment.md Read ../security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers

Read ../security/authentication.md # User login Read ../security/authorization.md # Access control Read ../security/input-validation.md # XSS/SQL injection prevention Read ../security/security-headers.md # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets

Read ../security/vulnerability-assessment.md # OWASP Top 10 testing Read ../security/input-validation.md # Injection testing Read ../security/security-headers.md # Header configuration Read ../security/secrets-management.md # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets

Read ../security/authentication.md # JWT/OAuth2 Read ../security/authorization.md # API access control Read ../security/input-validation.md # Request validation Read ../security/secrets-management.md # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation

Read ../security/vulnerability-assessment.md # Security scanning Read ../security/secrets-management.md # CI/CD secrets Read ../security/input-validation.md # SAST validation

Secure New Application

Full security implementation from scratch:

1. Identity and access

Read ../security/authentication.md Read ../security/authorization.md

2. Input protection

Read ../security/input-validation.md Read ../security/security-headers.md

3. Operations

Read ../security/secrets-management.md Read ../security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:

  • Implementing user login systems
  • Working with JWT, OAuth2, or sessions
  • Adding multi-factor authentication
  • Managing passwords and credentials

Choose Authorization when:

  • Implementing access control
  • Building role-based permissions (RBAC)
  • Working with policy engines (OPA, Casbin)
  • Preventing privilege escalation

Choose Input Validation when:

  • Processing user input
  • Preventing SQL injection
  • Protecting against XSS attacks
  • Validating file uploads
  • Preventing command injection

Choose Security Headers when:

  • Configuring Content Security Policy (CSP)
  • Implementing HTTPS enforcement (HSTS)
  • Setting up CORS for APIs
  • Preventing clickjacking
  • Hardening web applications

Choose Vulnerability Assessment when:

  • Testing for OWASP Top 10
  • Running security scans (SAST/DAST)
  • Performing penetration tests
  • Auditing application security
  • Setting up security CI/CD

Choose Secrets Management when:

  • Storing API keys or credentials
  • Integrating with HashiCorp Vault
  • Using AWS Secrets Manager or GCP Secret Manager
  • Rotating encryption keys
  • Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:

API skills (discover-api):

  • API authentication and authorization
  • API input validation
  • API rate limiting (abuse prevention)
  • Securing REST and GraphQL endpoints

Database skills (discover-database):

  • SQL injection prevention
  • Database connection security
  • Credential management
  • Row-level security

Frontend skills (discover-frontend):

  • XSS prevention in React/Vue
  • Content Security Policy
  • Secure cookie handling
  • Client-side validation

Infrastructure skills (discover-infrastructure, discover-cloud):

  • Secrets management in deployments
  • Network security
  • Container security scanning
  • TLS/SSL configuration

Testing skills (discover-testing):

  • Security integration tests
  • Penetration testing
  • Automated security scans
  • Vulnerability regression tests

Usage Instructions

  1. Auto-activation: This skill loads automatically when Claude Code detects security-related work
  2. Browse skills: Run Read ../security/INDEX.md for full category overview
  3. Load specific skills: Use bash commands above to load individual skills
  4. Follow workflows: Use recommended sequences for common security patterns
  5. Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:

  • Level 1: Gateway loads automatically (you're here now)
  • Level 2: Load category INDEX.md (~3K tokens) for full overview
  • Level 3: Load specific skills (~2-4K tokens each) as needed

Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication": Read ../security/authentication.md

"Add role-based access control": Read ../security/authorization.md

"Prevent SQL injection": Read ../security/input-validation.md

"Configure Content Security Policy": Read ../security/security-headers.md

"Test for OWASP vulnerabilities": Read ../security/vulnerability-assessment.md

"Integrate HashiCorp Vault": Read ../security/secrets-management.md

"Secure API with JWT": Read ../security/authentication.md Read ../security/authorization.md

Next Steps: Run Read ../security/INDEX.md to see full category details, or load specific skills using the bash commands above.

Weekly Installs
31
Repository
rand/cc-polymath
GitHub Stars
80
First Seen
Jan 23, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
claude-code24
opencode22
codex21
gemini-cli21
github-copilot18
antigravity16