Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .claude/commands/analyze-cve.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/security/cve-analyzer.md

Then analyze the CVE in: $ARGUMENTS

If no CVE ID or vulnerability details are specified, ask the user for the CVE identifier and their affected technology stack.
5 changes: 5 additions & 0 deletions .claude/commands/gen-detection-rule.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/security/detection-rule-generator.md

Then generate a detection rule for: $ARGUMENTS

If no threat or attack scenario is specified, ask the user to describe the threat they want to detect and their SIEM platform.
5 changes: 5 additions & 0 deletions .claude/commands/gen-sbom.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/developer/sbom-generator.md

Then generate an SBOM for: $ARGUMENTS

If no dependency manifest or project details are specified, ask the user to provide the manifest file and desired output format (SPDX or CycloneDX).
5 changes: 5 additions & 0 deletions .claude/commands/lint-dockerfile.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/developer/dockerfile-security-linter.md

Then lint the Dockerfile or Docker Compose file in: $ARGUMENTS

If no file is specified, ask the user to paste the Dockerfile or Docker Compose content to review.
5 changes: 5 additions & 0 deletions .claude/commands/pr-checklist.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/team/pr-security-checklist.md

Then generate a security review checklist for: $ARGUMENTS

If no PR diff or description is specified, ask the user to describe the changes or paste the diff.
5 changes: 5 additions & 0 deletions .claude/commands/review-api.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/developer/secure-api-design-reviewer.md

Then review the API specification or design in: $ARGUMENTS

If no API spec is specified, ask the user to provide the OpenAPI/Swagger spec, GraphQL schema, or endpoint descriptions to review.
5 changes: 5 additions & 0 deletions .claude/commands/scaffold-auth.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/developer/auth-flow-scaffolder.md

Then scaffold a secure authentication flow for: $ARGUMENTS

If no auth pattern or stack is specified, ask the user for their language/framework and the type of auth flow they need.
5 changes: 5 additions & 0 deletions .claude/commands/scan-iac.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Read and follow all instructions in skills/claude/cloud/iac-scanner.md

Then scan the infrastructure-as-code template in: $ARGUMENTS

If no file is specified, ask the user to paste the Terraform, CloudFormation, or other IaC template to review.
48 changes: 34 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,10 @@ Specialized security skill prompts organized by persona. Each skill is a standal
| **Dependency Auditor** | Audit dependency manifests for known vulnerabilities and suggest upgrades | [dependency-auditor.md](skills/claude/developer/dependency-auditor.md) |
| **Input Validation Generator** | Generate validation schemas and sanitization logic for endpoints and forms | [input-validation-generator.md](skills/claude/developer/input-validation-generator.md) |
| **CI/CD Security Hardener** | Review pipeline configs for secret leaks, injection risks, and excessive permissions | [cicd-security-hardener.md](skills/claude/developer/cicd-security-hardener.md) |
| **Auth Flow Scaffolder** | Scaffold secure OAuth2, OIDC, JWT, and session-based authentication flows | [auth-flow-scaffolder.md](skills/claude/developer/auth-flow-scaffolder.md) |
| **Dockerfile Security Linter** | Analyze Dockerfiles for root execution, unverified images, and secret leakage | [dockerfile-security-linter.md](skills/claude/developer/dockerfile-security-linter.md) |
| **SBOM Generator** | Produce Software Bill of Materials in SPDX or CycloneDX format for compliance | [sbom-generator.md](skills/claude/developer/sbom-generator.md) |
| **Secure API Design Reviewer** | Review OpenAPI specs for auth gaps, data exposure, and missing rate limiting | [secure-api-design-reviewer.md](skills/claude/developer/secure-api-design-reviewer.md) |

### Security Skills

Expand All @@ -123,12 +127,21 @@ Specialized security skill prompts organized by persona. Each skill is a standal
| **Threat Model Generator** | Produce structured threat models (STRIDE) from architecture descriptions | [threat-model-generator.md](skills/claude/security/threat-model-generator.md) |
| **Incident Response Playbook Builder** | Generate IR runbooks for specific incident scenarios | [incident-response-playbook-builder.md](skills/claude/security/incident-response-playbook-builder.md) |
| **Hardening Checklist Generator** | Produce CIS-benchmark-style hardening checklists for OS/service/cloud configs | [hardening-checklist-generator.md](skills/claude/security/hardening-checklist-generator.md) |
| **Detection Rule Generator** | Write SIEM detection rules in Sigma, Splunk SPL, and KQL from threat descriptions | [detection-rule-generator.md](skills/claude/security/detection-rule-generator.md) |
| **CVE Analyzer** | Summarize CVEs, assess stack-specific impact, and provide prioritized remediation | [cve-analyzer.md](skills/claude/security/cve-analyzer.md) |

### Cloud / Infrastructure Skills

| Skill | Description | File |
|-------|-------------|------|
| **IAM Policy Analyzer** | Review AWS/GCP/Azure IAM policies for over-permissive access | [iam-policy-analyzer.md](skills/claude/cloud/iam-policy-analyzer.md) |
| **IaC Scanner** | Review Terraform and CloudFormation for public exposure, missing encryption, and IAM risks | [iac-scanner.md](skills/claude/cloud/iac-scanner.md) |

### Team Lead Skills

| Skill | Description | File |
|-------|-------------|------|
| **PR Security Review Checklist** | Generate security-focused PR review checklists tailored to the diff and change type | [pr-security-checklist.md](skills/claude/team/pr-security-checklist.md) |

### User Skills

Expand Down Expand Up @@ -164,10 +177,11 @@ skillvault/
├── README.md
└── skills/
└── claude/
├── developer/ # Developer-focused skills
├── security/ # Security professional skills
├── cloud/ # Cloud/infrastructure skills
└── user/ # Non-technical user skills
├── developer/ # Developer-focused skills (9 skills)
├── security/ # Security professional skills (5 skills)
├── cloud/ # Cloud/infrastructure skills (2 skills)
├── team/ # Team lead / engineering manager skills (1 skill)
└── user/ # Non-technical user skills (1 skill)
```

See [ideation.md](ideation.md) for the full skill ideation map with 40+ planned skills across 5 personas.
Expand Down Expand Up @@ -226,16 +240,22 @@ Auto-detection is built in — `skillvault init` detects any of these and offers

### Next Skills (from [ideation.md](ideation.md))

| Skill | Persona | Priority |
|-------|---------|----------|
| Auth Flow Scaffolder | Developer | High |
| Dockerfile Security Linter | Developer | High |
| Detection Rule Generator (Sigma/SPL/KQL) | Security | High |
| IaC Scanner (Terraform/CloudFormation) | Cloud | High |
| SBOM Generator | Developer | Medium |
| CVE Analyzer | Security | Medium |
| Secure API Design Reviewer | Developer | Medium |
| PR Security Review Checklist | Team Lead | Medium |
| Skill | Persona | Priority | Status |
|-------|---------|----------|--------|
| Auth Flow Scaffolder | Developer | High | Shipped |
| Dockerfile Security Linter | Developer | High | Shipped |
| Detection Rule Generator (Sigma/SPL/KQL) | Security | High | Shipped |
| IaC Scanner (Terraform/CloudFormation) | Cloud | High | Shipped |
| SBOM Generator | Developer | Medium | Shipped |
| CVE Analyzer | Security | Medium | Shipped |
| Secure API Design Reviewer | Developer | Medium | Shipped |
| PR Security Review Checklist | Team Lead | Medium | Shipped |
| Attack Surface Mapper | Security | High | Planned |
| Network Security Reviewer | Cloud | High | Planned |
| Cloud Misconfiguration Scanner | Cloud | High | Planned |
| Parameterized Query Converter | Developer | Medium | Planned |
| Log Analysis Assistant | Security | Medium | Planned |
| Policy & Compliance Drafter | Security | Medium | Planned |

---

Expand Down
15 changes: 15 additions & 0 deletions ideation.md
Original file line number Diff line number Diff line change
Expand Up @@ -160,12 +160,27 @@ Ranked by frequency x impact x automation potential x persona reach x gap in exi
| 9 | **Phishing Email Analyzer** | Regular User | [skills/claude/user/phishing-email-analyzer.md](skills/claude/user/phishing-email-analyzer.md) |
| 10 | **Hardening Checklist Generator** | Security, Cloud/Infra | [skills/claude/security/hardening-checklist-generator.md](skills/claude/security/hardening-checklist-generator.md) |

## Phase 2 Skills (Shipped)

| # | Skill | Persona(s) | File |
|---|-------|-----------|------|
| 11 | **Auth Flow Scaffolder** | Developer | [skills/claude/developer/auth-flow-scaffolder.md](skills/claude/developer/auth-flow-scaffolder.md) |
| 12 | **Dockerfile Security Linter** | Developer, Security | [skills/claude/developer/dockerfile-security-linter.md](skills/claude/developer/dockerfile-security-linter.md) |
| 13 | **Detection Rule Generator** | Security | [skills/claude/security/detection-rule-generator.md](skills/claude/security/detection-rule-generator.md) |
| 14 | **IaC Scanner** | Developer, Security, Cloud/Infra | [skills/claude/cloud/iac-scanner.md](skills/claude/cloud/iac-scanner.md) |
| 15 | **SBOM Generator** | Developer, Security | [skills/claude/developer/sbom-generator.md](skills/claude/developer/sbom-generator.md) |
| 16 | **CVE Analyzer** | Security, Developer | [skills/claude/security/cve-analyzer.md](skills/claude/security/cve-analyzer.md) |
| 17 | **Secure API Design Reviewer** | Developer, Security | [skills/claude/developer/secure-api-design-reviewer.md](skills/claude/developer/secure-api-design-reviewer.md) |
| 18 | **PR Security Review Checklist** | Team Lead, Developer, Security | [skills/claude/team/pr-security-checklist.md](skills/claude/team/pr-security-checklist.md) |

---

## Next Steps

- [x] Prioritize top 10 skills across personas
- [x] Define input/output format for each skill (what does the user provide, what does the agent return?)
- [x] Build prototype prompts for highest-priority skills
- [x] Implement Phase 2 skills (Auth Flow Scaffolder, Dockerfile Linter, Detection Rules, IaC Scanner, SBOM Generator, CVE Analyzer, API Design Reviewer, PR Checklist)
- [ ] Test against real-world scenarios and edge cases
- [ ] Package as reusable Claude.md instructions or project-level skill files
- [ ] Implement Phase 3 skills (Attack Surface Mapper, Network Security Reviewer, Cloud Misconfiguration Scanner, Log Analysis Assistant, Policy & Compliance Drafter)
8 changes: 8 additions & 0 deletions lib/installer.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,19 @@ const SKILLS = [
{ name: "Dependency Auditor", slug: "audit-deps", category: "developer", file: "dependency-auditor.md", command: "audit-deps.md" },
{ name: "Input Validation Generator", slug: "gen-validation", category: "developer", file: "input-validation-generator.md", command: "gen-validation.md" },
{ name: "CI/CD Security Hardener", slug: "harden-cicd", category: "developer", file: "cicd-security-hardener.md", command: "harden-cicd.md" },
{ name: "Auth Flow Scaffolder", slug: "scaffold-auth", category: "developer", file: "auth-flow-scaffolder.md", command: "scaffold-auth.md" },
{ name: "Dockerfile Security Linter", slug: "lint-dockerfile", category: "developer", file: "dockerfile-security-linter.md", command: "lint-dockerfile.md" },
{ name: "SBOM Generator", slug: "gen-sbom", category: "developer", file: "sbom-generator.md", command: "gen-sbom.md" },
{ name: "Secure API Design Reviewer", slug: "review-api", category: "developer", file: "secure-api-design-reviewer.md", command: "review-api.md" },
{ name: "Threat Model Generator", slug: "threat-model", category: "security", file: "threat-model-generator.md", command: "threat-model.md" },
{ name: "Incident Response Playbook Builder", slug: "ir-playbook", category: "security", file: "incident-response-playbook-builder.md", command: "ir-playbook.md" },
{ name: "Hardening Checklist Generator", slug: "harden-checklist", category: "security", file: "hardening-checklist-generator.md", command: "harden-checklist.md" },
{ name: "Detection Rule Generator", slug: "gen-detection-rule", category: "security", file: "detection-rule-generator.md", command: "gen-detection-rule.md" },
{ name: "CVE Analyzer", slug: "analyze-cve", category: "security", file: "cve-analyzer.md", command: "analyze-cve.md" },
{ name: "IAM Policy Analyzer", slug: "analyze-iam", category: "cloud", file: "iam-policy-analyzer.md", command: "analyze-iam.md" },
{ name: "IaC Scanner", slug: "scan-iac", category: "cloud", file: "iac-scanner.md", command: "scan-iac.md" },
{ name: "Phishing Email Analyzer", slug: "check-phishing", category: "user", file: "phishing-email-analyzer.md", command: "check-phishing.md" },
{ name: "PR Security Review Checklist", slug: "pr-checklist", category: "team", file: "pr-security-checklist.md", command: "pr-checklist.md" },
];

// ── Platform Registry ────────────────────────────────────────────────────────
Expand Down
Loading