playbooks

home / skills / questnova502 / claude-skills-sync / senior-security

senior-security skill

/skills/senior-security

This skill provides automated threat modeling, security auditing, and pentest automation to strengthen architecture, compliance, and defense-in-depth across

npx playbooks add skill questnova502/claude-skills-sync --skill senior-security

Review the files below or copy the command above to add this skill to your agents.

Files (7)
SKILL.md
4.4 KB
---
name: senior-security
description: Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
---

# Senior Security

Complete toolkit for senior security with modern tools and best practices.

## Quick Start

### Main Capabilities

This skill provides three core capabilities through automated scripts:

```bash
# Script 1: Threat Modeler
python scripts/threat_modeler.py [options]

# Script 2: Security Auditor
python scripts/security_auditor.py [options]

# Script 3: Pentest Automator
python scripts/pentest_automator.py [options]
```

## Core Capabilities

### 1. Threat Modeler

Automated tool for threat modeler tasks.

**Features:**
- Automated scaffolding
- Best practices built-in
- Configurable templates
- Quality checks

**Usage:**
```bash
python scripts/threat_modeler.py <project-path> [options]
```

### 2. Security Auditor

Comprehensive analysis and optimization tool.

**Features:**
- Deep analysis
- Performance metrics
- Recommendations
- Automated fixes

**Usage:**
```bash
python scripts/security_auditor.py <target-path> [--verbose]
```

### 3. Pentest Automator

Advanced tooling for specialized tasks.

**Features:**
- Expert-level automation
- Custom configurations
- Integration ready
- Production-grade output

**Usage:**
```bash
python scripts/pentest_automator.py [arguments] [options]
```

## Reference Documentation

### Security Architecture Patterns

Comprehensive guide available in `references/security_architecture_patterns.md`:

- Detailed patterns and practices
- Code examples
- Best practices
- Anti-patterns to avoid
- Real-world scenarios

### Penetration Testing Guide

Complete workflow documentation in `references/penetration_testing_guide.md`:

- Step-by-step processes
- Optimization strategies
- Tool integrations
- Performance tuning
- Troubleshooting guide

### Cryptography Implementation

Technical reference guide in `references/cryptography_implementation.md`:

- Technology stack details
- Configuration examples
- Integration patterns
- Security considerations
- Scalability guidelines

## Tech Stack

**Languages:** TypeScript, JavaScript, Python, Go, Swift, Kotlin
**Frontend:** React, Next.js, React Native, Flutter
**Backend:** Node.js, Express, GraphQL, REST APIs
**Database:** PostgreSQL, Prisma, NeonDB, Supabase
**DevOps:** Docker, Kubernetes, Terraform, GitHub Actions, CircleCI
**Cloud:** AWS, GCP, Azure

## Development Workflow

### 1. Setup and Configuration

```bash
# Install dependencies
npm install
# or
pip install -r requirements.txt

# Configure environment
cp .env.example .env
```

### 2. Run Quality Checks

```bash
# Use the analyzer script
python scripts/security_auditor.py .

# Review recommendations
# Apply fixes
```

### 3. Implement Best Practices

Follow the patterns and practices documented in:
- `references/security_architecture_patterns.md`
- `references/penetration_testing_guide.md`
- `references/cryptography_implementation.md`

## Best Practices Summary

### Code Quality
- Follow established patterns
- Write comprehensive tests
- Document decisions
- Review regularly

### Performance
- Measure before optimizing
- Use appropriate caching
- Optimize critical paths
- Monitor in production

### Security
- Validate all inputs
- Use parameterized queries
- Implement proper authentication
- Keep dependencies updated

### Maintainability
- Write clear code
- Use consistent naming
- Add helpful comments
- Keep it simple

## Common Commands

```bash
# Development
npm run dev
npm run build
npm run test
npm run lint

# Analysis
python scripts/security_auditor.py .
python scripts/pentest_automator.py --analyze

# Deployment
docker build -t app:latest .
docker-compose up -d
kubectl apply -f k8s/
```

## Troubleshooting

### Common Issues

Check the comprehensive troubleshooting section in `references/cryptography_implementation.md`.

### Getting Help

- Review reference documentation
- Check script output messages
- Consult tech stack documentation
- Review error logs

## Resources

- Pattern Reference: `references/security_architecture_patterns.md`
- Workflow Guide: `references/penetration_testing_guide.md`
- Technical Guide: `references/cryptography_implementation.md`
- Tool Scripts: `scripts/` directory

Overview

This skill is a comprehensive security engineering toolkit for senior practitioners focused on application security, penetration testing, security architecture, cryptography, and compliance auditing. It bundles automated scripts, reference guides, and best-practice workflows to accelerate assessments, hardening, and secure design. Use it to introduce repeatable, production-grade security processes into development and operations.

How this skill works

The skill exposes automated scripts for threat modeling, deep security auditing, and penetration test automation that scan code, configurations, and runtime artifacts. It generates scaffolded threat models, prioritizes findings, offers remediation recommendations and automated fixes where safe, and supports custom configuration for complex environments. Reference guides and patterns explain architecture choices, cryptographic implementations, and testing workflows to help convert findings into concrete design and code changes.

When to use it

  • Designing or reviewing security architecture for new systems or major features
  • Performing a security audit or automated code/configuration analysis before release
  • Running repeatable penetration tests and targeted attack simulations
  • Implementing or validating cryptographic components and key management
  • Preparing for compliance audits or security assessments

Best practices

  • Run threat modeling early and iterate as design changes
  • Automate baseline security checks in CI/CD and fail fast on high-risk findings
  • Prioritize fixes by likelihood and impact, and track mitigations to closure
  • Use vetted cryptographic primitives and centralize key management
  • Keep dependencies and tooling up to date and validate tool results with manual review

Example use cases

  • Generate a project-specific threat model and actionable checklist before development sprints
  • Automate an overnight security audit across a microservice fleet and collect prioritized fix guidance
  • Run a scripted penetration test against staging and produce a reproducible report for stakeholders
  • Validate cryptographic configurations and migration plans during a platform upgrade
  • Integrate security auditor into CI to prevent regressions and enforce guardrails

FAQ

Can this skill run in CI/CD pipelines?

Yes. The scripts are designed to be automated and can be invoked from CI pipelines to run audits, generate reports, and block merges on defined policies.

Does it provide automated fixes?

The auditor suggests automated fixes for low-risk configuration issues and can apply them where safe; high-risk or design issues are surfaced as recommendations requiring manual review.

Is the cryptography guidance production-ready?

The references contain implementation patterns, configuration examples, and scalability notes intended for production but should be reviewed by cryptography experts for critical systems.