{ "schemaVersion": "1.0", "item": { "slug": "senior-security", "name": "Senior Security", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/alirezarezvani/senior-security", "canonicalUrl": "https://clawhub.ai/alirezarezvani/senior-security", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/senior-security", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=senior-security", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/cryptography-implementation.md", "references/security-architecture-patterns.md", "references/threat-modeling-guide.md", "scripts/secret_scanner.py", "scripts/threat_modeler.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/senior-security" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/senior-security", "agentPageUrl": "https://openagent3.xyz/skills/senior-security/agent", "manifestUrl": "https://openagent3.xyz/skills/senior-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/senior-security/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Senior Security Engineer", "body": "Security engineering tools for threat modeling, vulnerability analysis, secure architecture design, and penetration testing." }, { "title": "Table of Contents", "body": "Threat Modeling Workflow\nSecurity Architecture Workflow\nVulnerability Assessment Workflow\nSecure Code Review Workflow\nIncident Response Workflow\nSecurity Tools Reference\nTools and References" }, { "title": "Threat Modeling Workflow", "body": "Identify and analyze security threats using STRIDE methodology." }, { "title": "Workflow: Conduct Threat Model", "body": "Define system scope and boundaries:\n\nIdentify assets to protect\nMap trust boundaries\nDocument data flows\n\n\nCreate data flow diagram:\n\nExternal entities (users, services)\nProcesses (application components)\nData stores (databases, caches)\nData flows (APIs, network connections)\n\n\nApply STRIDE to each DFD element (see STRIDE per Element Matrix below)\nScore risks using DREAD:\n\nDamage potential (1-10)\nReproducibility (1-10)\nExploitability (1-10)\nAffected users (1-10)\nDiscoverability (1-10)\n\n\nPrioritize threats by risk score\nDefine mitigations for each threat\nDocument in threat model report\nValidation: All DFD elements analyzed; STRIDE applied; threats scored; mitigations mapped" }, { "title": "STRIDE Threat Categories", "body": "CategorySecurity PropertyMitigation FocusSpoofingAuthenticationMFA, certificates, strong authTamperingIntegritySigning, checksums, validationRepudiationNon-repudiationAudit logs, digital signaturesInformation DisclosureConfidentialityEncryption, access controlsDenial of ServiceAvailabilityRate limiting, redundancyElevation of PrivilegeAuthorizationRBAC, least privilege" }, { "title": "STRIDE per Element Matrix", "body": "DFD ElementSTRIDEExternal EntityXXProcessXXXXXXData StoreXXXXData FlowXXX\n\nSee: references/threat-modeling-guide.md" }, { "title": "Security Architecture Workflow", "body": "Design secure systems using defense-in-depth principles." }, { "title": "Workflow: Design Secure Architecture", "body": "Define security requirements:\n\nCompliance requirements (GDPR, HIPAA, PCI-DSS)\nData classification (public, internal, confidential, restricted)\nThreat model inputs\n\n\nApply defense-in-depth layers:\n\nPerimeter: WAF, DDoS protection, rate limiting\nNetwork: Segmentation, IDS/IPS, mTLS\nHost: Patching, EDR, hardening\nApplication: Input validation, authentication, secure coding\nData: Encryption at rest and in transit\n\n\nImplement Zero Trust principles:\n\nVerify explicitly (every request)\nLeast privilege access (JIT/JEA)\nAssume breach (segment, monitor)\n\n\nConfigure authentication and authorization:\n\nIdentity provider selection\nMFA requirements\nRBAC/ABAC model\n\n\nDesign encryption strategy:\n\nKey management approach\nAlgorithm selection\nCertificate lifecycle\n\n\nPlan security monitoring:\n\nLog aggregation\nSIEM integration\nAlerting rules\n\n\nDocument architecture decisions\nValidation: Defense-in-depth layers defined; Zero Trust applied; encryption strategy documented; monitoring planned" }, { "title": "Defense-in-Depth Layers", "body": "Layer 1: PERIMETER\n WAF, DDoS mitigation, DNS filtering, rate limiting\n\nLayer 2: NETWORK\n Segmentation, IDS/IPS, network monitoring, VPN, mTLS\n\nLayer 3: HOST\n Endpoint protection, OS hardening, patching, logging\n\nLayer 4: APPLICATION\n Input validation, authentication, secure coding, SAST\n\nLayer 5: DATA\n Encryption at rest/transit, access controls, DLP, backup" }, { "title": "Authentication Pattern Selection", "body": "Use CaseRecommended PatternWeb applicationOAuth 2.0 + PKCE with OIDCAPI authenticationJWT with short expiration + refresh tokensService-to-servicemTLS with certificate rotationCLI/AutomationAPI keys with IP allowlistingHigh securityFIDO2/WebAuthn hardware keys\n\nSee: references/security-architecture-patterns.md" }, { "title": "Vulnerability Assessment Workflow", "body": "Identify and remediate security vulnerabilities in applications." }, { "title": "Workflow: Conduct Vulnerability Assessment", "body": "Define assessment scope:\n\nIn-scope systems and applications\nTesting methodology (black box, gray box, white box)\nRules of engagement\n\n\nGather information:\n\nTechnology stack inventory\nArchitecture documentation\nPrevious vulnerability reports\n\n\nPerform automated scanning:\n\nSAST (static analysis)\nDAST (dynamic analysis)\nDependency scanning\nSecret detection\n\n\nConduct manual testing:\n\nBusiness logic flaws\nAuthentication bypass\nAuthorization issues\nInjection vulnerabilities\n\n\nClassify findings by severity:\n\nCritical: Immediate exploitation risk\nHigh: Significant impact, easier to exploit\nMedium: Moderate impact or difficulty\nLow: Minor impact\n\n\nDevelop remediation plan:\n\nPrioritize by risk\nAssign owners\nSet deadlines\n\n\nVerify fixes and document\nValidation: Scope defined; automated and manual testing complete; findings classified; remediation tracked\n\nFor OWASP Top 10 vulnerability descriptions and testing guidance, refer to owasp.org/Top10." }, { "title": "Vulnerability Severity Matrix", "body": "Impact \\ ExploitabilityEasyModerateDifficultCriticalCriticalCriticalHighHighCriticalHighMediumMediumHighMediumLowLowMediumLowLow" }, { "title": "Secure Code Review Workflow", "body": "Review code for security vulnerabilities before deployment." }, { "title": "Workflow: Conduct Security Code Review", "body": "Establish review scope:\n\nChanged files and functions\nSecurity-sensitive areas (auth, crypto, input handling)\nThird-party integrations\n\n\nRun automated analysis:\n\nSAST tools (Semgrep, CodeQL, Bandit)\nSecret scanning\nDependency vulnerability check\n\n\nReview authentication code:\n\nPassword handling (hashing, storage)\nSession management\nToken validation\n\n\nReview authorization code:\n\nAccess control checks\nRBAC implementation\nPrivilege boundaries\n\n\nReview data handling:\n\nInput validation\nOutput encoding\nSQL query construction\nFile path handling\n\n\nReview cryptographic code:\n\nAlgorithm selection\nKey management\nRandom number generation\n\n\nDocument findings with severity\nValidation: Automated scans passed; auth/authz reviewed; data handling checked; crypto verified; findings documented" }, { "title": "Security Code Review Checklist", "body": "CategoryCheckRiskInput ValidationAll user input validated and sanitizedInjectionOutput EncodingContext-appropriate encoding appliedXSSAuthenticationPasswords hashed with Argon2/bcryptCredential theftSessionSecure cookie flags set (HttpOnly, Secure, SameSite)Session hijackingAuthorizationServer-side permission checks on all endpointsPrivilege escalationSQLParameterized queries used exclusivelySQL injectionFile AccessPath traversal sequences rejectedPath traversalSecretsNo hardcoded credentials or keysInformation disclosureDependenciesKnown vulnerable packages updatedSupply chainLoggingSensitive data not loggedInformation disclosure" }, { "title": "Secure vs Insecure Patterns", "body": "PatternIssueSecure AlternativeSQL string formattingSQL injectionUse parameterized queries with placeholdersShell command buildingCommand injectionUse subprocess with argument lists, no shellPath concatenationPath traversalValidate and canonicalize pathsMD5/SHA1 for passwordsWeak hashingUse Argon2id or bcryptMath.random for tokensPredictable valuesUse crypto.getRandomValues" }, { "title": "Inline Code Examples", "body": "SQL Injection — insecure vs. secure (Python):\n\n# ❌ Insecure: string formatting allows SQL injection\nquery = f\"SELECT * FROM users WHERE username = '{username}'\"\ncursor.execute(query)\n\n# ✅ Secure: parameterized query — user input never interpreted as SQL\nquery = \"SELECT * FROM users WHERE username = %s\"\ncursor.execute(query, (username,))\n\nPassword Hashing with Argon2id (Python):\n\nfrom argon2 import PasswordHasher\n\nph = PasswordHasher() # uses secure defaults (time_cost, memory_cost)\n\n# On registration\nhashed = ph.hash(plain_password)\n\n# On login — raises argon2.exceptions.VerifyMismatchError on failure\nph.verify(hashed, plain_password)\n\nSecret Scanning — core pattern matching (Python):\n\nimport re, pathlib\n\nSECRET_PATTERNS = {\n \"aws_access_key\": re.compile(r\"AKIA[0-9A-Z]{16}\"),\n \"github_token\": re.compile(r\"ghp_[A-Za-z0-9]{36}\"),\n \"private_key\": re.compile(r\"-----BEGIN (RSA |EC )?PRIVATE KEY-----\"),\n \"generic_secret\": re.compile(r'(?i)(password|secret|api_key)\\s*=\\s*[\"\\']?\\S{8,}'),\n}\n\ndef scan_file(path: pathlib.Path) -> list[dict]:\n findings = []\n for lineno, line in enumerate(path.read_text(errors=\"replace\").splitlines(), 1):\n for name, pattern in SECRET_PATTERNS.items():\n if pattern.search(line):\n findings.append({\"file\": str(path), \"line\": lineno, \"type\": name})\n return findings" }, { "title": "Incident Response Workflow", "body": "Respond to and contain security incidents." }, { "title": "Workflow: Handle Security Incident", "body": "Identify and triage:\n\nValidate incident is genuine\nAssess initial scope and severity\nActivate incident response team\n\n\nContain the threat:\n\nIsolate affected systems\nBlock malicious IPs/accounts\nDisable compromised credentials\n\n\nEradicate root cause:\n\nRemove malware/backdoors\nPatch vulnerabilities\nUpdate configurations\n\n\nRecover operations:\n\nRestore from clean backups\nVerify system integrity\nMonitor for recurrence\n\n\nConduct post-mortem:\n\nTimeline reconstruction\nRoot cause analysis\nLessons learned\n\n\nImplement improvements:\n\nUpdate detection rules\nEnhance controls\nUpdate runbooks\n\n\nDocument and report\nValidation: Threat contained; root cause eliminated; systems recovered; post-mortem complete; improvements implemented" }, { "title": "Incident Severity Levels", "body": "LevelResponse TimeEscalationP1 - Critical (active breach/exfiltration)ImmediateCISO, Legal, ExecutiveP2 - High (confirmed, contained)1 hourSecurity Lead, IT DirectorP3 - Medium (potential, under investigation)4 hoursSecurity TeamP4 - Low (suspicious, low impact)24 hoursOn-call engineer" }, { "title": "Incident Response Checklist", "body": "PhaseActionsIdentificationValidate alert, assess scope, determine severityContainmentIsolate systems, preserve evidence, block accessEradicationRemove threat, patch vulnerabilities, reset credentialsRecoveryRestore services, verify integrity, increase monitoringLessons LearnedDocument timeline, identify gaps, update procedures" }, { "title": "Recommended Security Tools", "body": "CategoryToolsSASTSemgrep, CodeQL, Bandit (Python), ESLint security pluginsDASTOWASP ZAP, Burp Suite, NiktoDependency ScanningSnyk, Dependabot, npm audit, pip-auditSecret DetectionGitLeaks, TruffleHog, detect-secretsContainer SecurityTrivy, Clair, AnchoreInfrastructureCheckov, tfsec, ScoutSuiteNetworkWireshark, Nmap, MasscanPenetrationMetasploit, sqlmap, Burp Suite Pro" }, { "title": "Cryptographic Algorithm Selection", "body": "Use CaseAlgorithmKey SizeSymmetric encryptionAES-256-GCM256 bitsPassword hashingArgon2idN/A (use defaults)Message authenticationHMAC-SHA256256 bitsDigital signaturesEd25519256 bitsKey exchangeX25519256 bitsTLSTLS 1.3N/A\n\nSee: references/cryptography-implementation.md" }, { "title": "Scripts", "body": "ScriptPurposethreat_modeler.pySTRIDE threat analysis with DREAD risk scoring; JSON and text output; interactive guided modesecret_scanner.pyDetect hardcoded secrets and credentials across 20+ patterns; CI/CD integration ready\n\nFor usage, see the inline code examples in Secure Code Review Workflow and the script source files directly." }, { "title": "References", "body": "DocumentContentsecurity-architecture-patterns.mdZero Trust, defense-in-depth, authentication patterns, API securitythreat-modeling-guide.mdSTRIDE methodology, attack trees, DREAD scoring, DFD creationcryptography-implementation.mdAES-GCM, RSA, Ed25519, password hashing, key management" }, { "title": "Security Headers Checklist", "body": "HeaderRecommended ValueContent-Security-Policydefault-src self; script-src selfX-Frame-OptionsDENYX-Content-Type-OptionsnosniffStrict-Transport-Securitymax-age=31536000; includeSubDomainsReferrer-Policystrict-origin-when-cross-originPermissions-Policygeolocation=(), microphone=(), camera=()\n\nFor compliance framework requirements (OWASP ASVS, CIS Benchmarks, NIST CSF, PCI-DSS, HIPAA, SOC 2), refer to the respective official documentation." }, { "title": "Related Skills", "body": "SkillIntegration Pointsenior-devopsCI/CD security, infrastructure hardeningsenior-secopsSecurity monitoring, incident responsesenior-backendSecure API developmentsenior-architectSecurity architecture decisions" } ], "body": "Senior Security Engineer\n\nSecurity engineering tools for threat modeling, vulnerability analysis, secure architecture design, and penetration testing.\n\nTable of Contents\nThreat Modeling Workflow\nSecurity Architecture Workflow\nVulnerability Assessment Workflow\nSecure Code Review Workflow\nIncident Response Workflow\nSecurity Tools Reference\nTools and References\nThreat Modeling Workflow\n\nIdentify and analyze security threats using STRIDE methodology.\n\nWorkflow: Conduct Threat Model\nDefine system scope and boundaries:\nIdentify assets to protect\nMap trust boundaries\nDocument data flows\nCreate data flow diagram:\nExternal entities (users, services)\nProcesses (application components)\nData stores (databases, caches)\nData flows (APIs, network connections)\nApply STRIDE to each DFD element (see STRIDE per Element Matrix below)\nScore risks using DREAD:\nDamage potential (1-10)\nReproducibility (1-10)\nExploitability (1-10)\nAffected users (1-10)\nDiscoverability (1-10)\nPrioritize threats by risk score\nDefine mitigations for each threat\nDocument in threat model report\nValidation: All DFD elements analyzed; STRIDE applied; threats scored; mitigations mapped\nSTRIDE Threat Categories\nCategory\tSecurity Property\tMitigation Focus\nSpoofing\tAuthentication\tMFA, certificates, strong auth\nTampering\tIntegrity\tSigning, checksums, validation\nRepudiation\tNon-repudiation\tAudit logs, digital signatures\nInformation Disclosure\tConfidentiality\tEncryption, access controls\nDenial of Service\tAvailability\tRate limiting, redundancy\nElevation of Privilege\tAuthorization\tRBAC, least privilege\nSTRIDE per Element Matrix\nDFD Element\tS\tT\tR\tI\tD\tE\nExternal Entity\tX\t\tX\t\t\t\nProcess\tX\tX\tX\tX\tX\tX\nData Store\t\tX\tX\tX\tX\t\nData Flow\t\tX\t\tX\tX\t\n\nSee: references/threat-modeling-guide.md\n\nSecurity Architecture Workflow\n\nDesign secure systems using defense-in-depth principles.\n\nWorkflow: Design Secure Architecture\nDefine security requirements:\nCompliance requirements (GDPR, HIPAA, PCI-DSS)\nData classification (public, internal, confidential, restricted)\nThreat model inputs\nApply defense-in-depth layers:\nPerimeter: WAF, DDoS protection, rate limiting\nNetwork: Segmentation, IDS/IPS, mTLS\nHost: Patching, EDR, hardening\nApplication: Input validation, authentication, secure coding\nData: Encryption at rest and in transit\nImplement Zero Trust principles:\nVerify explicitly (every request)\nLeast privilege access (JIT/JEA)\nAssume breach (segment, monitor)\nConfigure authentication and authorization:\nIdentity provider selection\nMFA requirements\nRBAC/ABAC model\nDesign encryption strategy:\nKey management approach\nAlgorithm selection\nCertificate lifecycle\nPlan security monitoring:\nLog aggregation\nSIEM integration\nAlerting rules\nDocument architecture decisions\nValidation: Defense-in-depth layers defined; Zero Trust applied; encryption strategy documented; monitoring planned\nDefense-in-Depth Layers\nLayer 1: PERIMETER\n WAF, DDoS mitigation, DNS filtering, rate limiting\n\nLayer 2: NETWORK\n Segmentation, IDS/IPS, network monitoring, VPN, mTLS\n\nLayer 3: HOST\n Endpoint protection, OS hardening, patching, logging\n\nLayer 4: APPLICATION\n Input validation, authentication, secure coding, SAST\n\nLayer 5: DATA\n Encryption at rest/transit, access controls, DLP, backup\n\nAuthentication Pattern Selection\nUse Case\tRecommended Pattern\nWeb application\tOAuth 2.0 + PKCE with OIDC\nAPI authentication\tJWT with short expiration + refresh tokens\nService-to-service\tmTLS with certificate rotation\nCLI/Automation\tAPI keys with IP allowlisting\nHigh security\tFIDO2/WebAuthn hardware keys\n\nSee: references/security-architecture-patterns.md\n\nVulnerability Assessment Workflow\n\nIdentify and remediate security vulnerabilities in applications.\n\nWorkflow: Conduct Vulnerability Assessment\nDefine assessment scope:\nIn-scope systems and applications\nTesting methodology (black box, gray box, white box)\nRules of engagement\nGather information:\nTechnology stack inventory\nArchitecture documentation\nPrevious vulnerability reports\nPerform automated scanning:\nSAST (static analysis)\nDAST (dynamic analysis)\nDependency scanning\nSecret detection\nConduct manual testing:\nBusiness logic flaws\nAuthentication bypass\nAuthorization issues\nInjection vulnerabilities\nClassify findings by severity:\nCritical: Immediate exploitation risk\nHigh: Significant impact, easier to exploit\nMedium: Moderate impact or difficulty\nLow: Minor impact\nDevelop remediation plan:\nPrioritize by risk\nAssign owners\nSet deadlines\nVerify fixes and document\nValidation: Scope defined; automated and manual testing complete; findings classified; remediation tracked\n\nFor OWASP Top 10 vulnerability descriptions and testing guidance, refer to owasp.org/Top10.\n\nVulnerability Severity Matrix\nImpact \\ Exploitability\tEasy\tModerate\tDifficult\nCritical\tCritical\tCritical\tHigh\nHigh\tCritical\tHigh\tMedium\nMedium\tHigh\tMedium\tLow\nLow\tMedium\tLow\tLow\nSecure Code Review Workflow\n\nReview code for security vulnerabilities before deployment.\n\nWorkflow: Conduct Security Code Review\nEstablish review scope:\nChanged files and functions\nSecurity-sensitive areas (auth, crypto, input handling)\nThird-party integrations\nRun automated analysis:\nSAST tools (Semgrep, CodeQL, Bandit)\nSecret scanning\nDependency vulnerability check\nReview authentication code:\nPassword handling (hashing, storage)\nSession management\nToken validation\nReview authorization code:\nAccess control checks\nRBAC implementation\nPrivilege boundaries\nReview data handling:\nInput validation\nOutput encoding\nSQL query construction\nFile path handling\nReview cryptographic code:\nAlgorithm selection\nKey management\nRandom number generation\nDocument findings with severity\nValidation: Automated scans passed; auth/authz reviewed; data handling checked; crypto verified; findings documented\nSecurity Code Review Checklist\nCategory\tCheck\tRisk\nInput Validation\tAll user input validated and sanitized\tInjection\nOutput Encoding\tContext-appropriate encoding applied\tXSS\nAuthentication\tPasswords hashed with Argon2/bcrypt\tCredential theft\nSession\tSecure cookie flags set (HttpOnly, Secure, SameSite)\tSession hijacking\nAuthorization\tServer-side permission checks on all endpoints\tPrivilege escalation\nSQL\tParameterized queries used exclusively\tSQL injection\nFile Access\tPath traversal sequences rejected\tPath traversal\nSecrets\tNo hardcoded credentials or keys\tInformation disclosure\nDependencies\tKnown vulnerable packages updated\tSupply chain\nLogging\tSensitive data not logged\tInformation disclosure\nSecure vs Insecure Patterns\nPattern\tIssue\tSecure Alternative\nSQL string formatting\tSQL injection\tUse parameterized queries with placeholders\nShell command building\tCommand injection\tUse subprocess with argument lists, no shell\nPath concatenation\tPath traversal\tValidate and canonicalize paths\nMD5/SHA1 for passwords\tWeak hashing\tUse Argon2id or bcrypt\nMath.random for tokens\tPredictable values\tUse crypto.getRandomValues\nInline Code Examples\n\nSQL Injection — insecure vs. secure (Python):\n\n# ❌ Insecure: string formatting allows SQL injection\nquery = f\"SELECT * FROM users WHERE username = '{username}'\"\ncursor.execute(query)\n\n# ✅ Secure: parameterized query — user input never interpreted as SQL\nquery = \"SELECT * FROM users WHERE username = %s\"\ncursor.execute(query, (username,))\n\n\nPassword Hashing with Argon2id (Python):\n\nfrom argon2 import PasswordHasher\n\nph = PasswordHasher() # uses secure defaults (time_cost, memory_cost)\n\n# On registration\nhashed = ph.hash(plain_password)\n\n# On login — raises argon2.exceptions.VerifyMismatchError on failure\nph.verify(hashed, plain_password)\n\n\nSecret Scanning — core pattern matching (Python):\n\nimport re, pathlib\n\nSECRET_PATTERNS = {\n \"aws_access_key\": re.compile(r\"AKIA[0-9A-Z]{16}\"),\n \"github_token\": re.compile(r\"ghp_[A-Za-z0-9]{36}\"),\n \"private_key\": re.compile(r\"-----BEGIN (RSA |EC )?PRIVATE KEY-----\"),\n \"generic_secret\": re.compile(r'(?i)(password|secret|api_key)\\s*=\\s*[\"\\']?\\S{8,}'),\n}\n\ndef scan_file(path: pathlib.Path) -> list[dict]:\n findings = []\n for lineno, line in enumerate(path.read_text(errors=\"replace\").splitlines(), 1):\n for name, pattern in SECRET_PATTERNS.items():\n if pattern.search(line):\n findings.append({\"file\": str(path), \"line\": lineno, \"type\": name})\n return findings\n\nIncident Response Workflow\n\nRespond to and contain security incidents.\n\nWorkflow: Handle Security Incident\nIdentify and triage:\nValidate incident is genuine\nAssess initial scope and severity\nActivate incident response team\nContain the threat:\nIsolate affected systems\nBlock malicious IPs/accounts\nDisable compromised credentials\nEradicate root cause:\nRemove malware/backdoors\nPatch vulnerabilities\nUpdate configurations\nRecover operations:\nRestore from clean backups\nVerify system integrity\nMonitor for recurrence\nConduct post-mortem:\nTimeline reconstruction\nRoot cause analysis\nLessons learned\nImplement improvements:\nUpdate detection rules\nEnhance controls\nUpdate runbooks\nDocument and report\nValidation: Threat contained; root cause eliminated; systems recovered; post-mortem complete; improvements implemented\nIncident Severity Levels\nLevel\tResponse Time\tEscalation\nP1 - Critical (active breach/exfiltration)\tImmediate\tCISO, Legal, Executive\nP2 - High (confirmed, contained)\t1 hour\tSecurity Lead, IT Director\nP3 - Medium (potential, under investigation)\t4 hours\tSecurity Team\nP4 - Low (suspicious, low impact)\t24 hours\tOn-call engineer\nIncident Response Checklist\nPhase\tActions\nIdentification\tValidate alert, assess scope, determine severity\nContainment\tIsolate systems, preserve evidence, block access\nEradication\tRemove threat, patch vulnerabilities, reset credentials\nRecovery\tRestore services, verify integrity, increase monitoring\nLessons Learned\tDocument timeline, identify gaps, update procedures\nSecurity Tools Reference\nRecommended Security Tools\nCategory\tTools\nSAST\tSemgrep, CodeQL, Bandit (Python), ESLint security plugins\nDAST\tOWASP ZAP, Burp Suite, Nikto\nDependency Scanning\tSnyk, Dependabot, npm audit, pip-audit\nSecret Detection\tGitLeaks, TruffleHog, detect-secrets\nContainer Security\tTrivy, Clair, Anchore\nInfrastructure\tCheckov, tfsec, ScoutSuite\nNetwork\tWireshark, Nmap, Masscan\nPenetration\tMetasploit, sqlmap, Burp Suite Pro\nCryptographic Algorithm Selection\nUse Case\tAlgorithm\tKey Size\nSymmetric encryption\tAES-256-GCM\t256 bits\nPassword hashing\tArgon2id\tN/A (use defaults)\nMessage authentication\tHMAC-SHA256\t256 bits\nDigital signatures\tEd25519\t256 bits\nKey exchange\tX25519\t256 bits\nTLS\tTLS 1.3\tN/A\n\nSee: references/cryptography-implementation.md\n\nTools and References\nScripts\nScript\tPurpose\nthreat_modeler.py\tSTRIDE threat analysis with DREAD risk scoring; JSON and text output; interactive guided mode\nsecret_scanner.py\tDetect hardcoded secrets and credentials across 20+ patterns; CI/CD integration ready\n\nFor usage, see the inline code examples in Secure Code Review Workflow and the script source files directly.\n\nReferences\nDocument\tContent\nsecurity-architecture-patterns.md\tZero Trust, defense-in-depth, authentication patterns, API security\nthreat-modeling-guide.md\tSTRIDE methodology, attack trees, DREAD scoring, DFD creation\ncryptography-implementation.md\tAES-GCM, RSA, Ed25519, password hashing, key management\nSecurity Standards Reference\nSecurity Headers Checklist\nHeader\tRecommended Value\nContent-Security-Policy\tdefault-src self; script-src self\nX-Frame-Options\tDENY\nX-Content-Type-Options\tnosniff\nStrict-Transport-Security\tmax-age=31536000; includeSubDomains\nReferrer-Policy\tstrict-origin-when-cross-origin\nPermissions-Policy\tgeolocation=(), microphone=(), camera=()\n\nFor compliance framework requirements (OWASP ASVS, CIS Benchmarks, NIST CSF, PCI-DSS, HIPAA, SOC 2), refer to the respective official documentation.\n\nRelated Skills\nSkill\tIntegration Point\nsenior-devops\tCI/CD security, infrastructure hardening\nsenior-secops\tSecurity monitoring, incident response\nsenior-backend\tSecure API development\nsenior-architect\tSecurity architecture decisions" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/alirezarezvani/senior-security", "publisherUrl": "https://clawhub.ai/alirezarezvani/senior-security", "owner": "alirezarezvani", "version": "2.1.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/senior-security", "downloadUrl": "https://openagent3.xyz/downloads/senior-security", "agentUrl": "https://openagent3.xyz/skills/senior-security/agent", "manifestUrl": "https://openagent3.xyz/skills/senior-security/agent.json", "briefUrl": "https://openagent3.xyz/skills/senior-security/agent.md" } }