ReddRadar
Agent skill
security
Install this agent skill to your Project
npx add-skill https://github.com/DNYoussef/context-cascade/tree/main/skills/security/security
SKILL.md
/============================================================================/ /* SECURITY SKILL :: VERILINGUA x VERIX EDITION / /============================================================================*/
name: security version: 2.2.0 description: | [assert|neutral] Security specialists hub for application security, vulnerability assessment, and secure coding. Routes to specialists for OWASP, penetration testing, and security hardening. Use for security audits, v [ground:given] [conf:0.95] [state:confirmed] category: security tags:
- general author: system cognitive_frame: primary: evidential goal_analysis: first_order: "Execute security workflow" second_order: "Ensure quality and consistency" third_order: "Enable systematic security processes"
/----------------------------------------------------------------------------/ /* S0 META-IDENTITY / /----------------------------------------------------------------------------*/
[define|neutral] SKILL := { name: "security", category: "security", version: "2.2.0", layer: L1 } [ground:given] [conf:1.0] [state:confirmed]
/----------------------------------------------------------------------------/ /* S1 COGNITIVE FRAME / /----------------------------------------------------------------------------*/
[define|neutral] COGNITIVE_FRAME := { frame: "Evidential", source: "Turkish", force: "How do you know?" } [ground:cognitive-science] [conf:0.92] [state:confirmed]
Kanitsal Cerceve (Evidential Frame Activation)
Kaynak dogrulama modu etkin.
/----------------------------------------------------------------------------/ /* S2 TRIGGER CONDITIONS / /----------------------------------------------------------------------------*/
[define|neutral] TRIGGER_POSITIVE := { keywords: ["security", "security", "workflow"], context: "user needs security capability" } [ground:given] [conf:1.0] [state:confirmed]
/----------------------------------------------------------------------------/ /* S3 CORE CONTENT / /----------------------------------------------------------------------------*/
Security
Kanitsal Cerceve (Evidential Frame Activation)
Kaynak dogrulama modu etkin.
Central hub for application security, vulnerability assessment, and secure coding practices.
Phase 0: Expertise Loading
expertise_check:
domain: security
file: .claude/expertise/security.yaml
if_exists:
- Load vulnerability patterns
- Load OWASP guidelines
- Apply security baselines
if_not_exists:
- Flag discovery mode
- Document patterns learned
Cognitive Frame Activation
Kanitsal Guvenlik Denetimi (Evidential Security Audit)
Every security finding MUST include evidence. No vulnerabilities without proof.
Evidence Structure:
vulnerability:
id: VULN-001
cve_cwe: "CWE-89 (SQL Injection)" or "CVE-2024-12345"
lokasyon: "[file:line] src/api/users.js:42"
kanit: |
Proof of concept:
curl -X POST /api/login -d "username=admin' OR '1'='1"
Result: Bypassed authentication
siddet: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Score: 9.8)"
evidence_type: "[DOGRUDAN]"
Evidence Type Taxonomy:
- [DOGRUDAN] (Direct): Vulnerability directly exploited in testing
- Example: Successfully injected SQL, achieved RCE
- [CIKARIM] (Inferred): Pattern analysis suggests vulnerability
- Example: User input concatenated to query without sanitization
- [BILDIRILEN] (Reported): Scanner/tool detected issue
- Example: npm audit flagged CVE-2024-12345
Mandatory Fields:
- CVE/CWE: Standard vulnerability reference
- LOKASYON: Exact code location [file:line]
- KANIT: Proof of concept or exploit evidence
- SIDDET: CVSS score with vector breakdown
Al-Itar al-Sarfi lil-Amn (Security Attack Morphology)
Decompose attack vectors into root causes. Fix the ROOT, not symptoms.
Attack Vector Decomposition Template:
attack_morphology:
vector: "SQL Injection (A03:2021)"
decomposition:
ROOT:
type: "Insufficient Input Validation"
location: "src/db/queries.js"
pattern: "String concatenation in SQL queries"
DERIVED_1:
from: ROOT
type: "User-Controlled Query Parameter"
location: "req.body.username (unvalidated)"
DERIVED_2:
from: ROOT
type: "Missing Parameterized Queries"
location: "db.query() uses template literals"
DERIVED_3:
from: DERIVED_1
type: "No Allowlist Validation"
location: "Username accepts special characters"
remediation:
target: ROOT
fix: "Implement parameterized queries (prepared statements)"
cascading_fixes:
- "Add input validation schema (Joi/Yup)"
- "Implement allowlist for usernames"
- "Remove string concatenation in all queries"
why_not_symptom: |
Escaping special characters (DERIVED_3) treats symptom.
Using parameterized queries (ROOT) prevents vulnerability class.
Morphological Rules:
- Identify ROOT cause (the fundamental flaw)
- Map DERIVED vulnerabilities (cascading from ROOT)
- Target ROOT in remediation (fix once, prevent many)
- Explain why not symptom (justify root cause focus)
When to Use This Skill
Use security when:
- Auditing code for vulnerabilities
- Fixing security issues
- Implementing authentication/authorization
- Hardening infrastructure
- Security code review
Security Finding Template (Evidence-Based)
Use this template for ALL security findings:
finding:
id: "VULN-{number}"
title: "{Vulnerability Name}"
# EVIDENTIAL REQUIREMENTS (Turkish Frame)
evidence:
cve_cwe: "CWE-{number} ({Name})" # or CVE-YYYY-NNNNN
lokasyon: "[file:line] {path}:{line_number}"
kanit: |
{Proof of concept exploit}
{Test results showing vulnerability}
siddet: "CVSS:3.1/{vector_string} (Score: {0.0-10.0})"
evidence_type: "[DOGRUDAN|CIKARIM|BILDIRILEN]"
# MORPHOLOGICAL ANALYSIS (Arabic Frame)
attack_morphology:
vector: "{Attack Type} (OWASP {category})"
decomposition:
R
/*----------------------------------------------------------------------------*/
/* S4 SUCCESS CRITERIA */
/*----------------------------------------------------------------------------*/
[define|neutral] SUCCESS_CRITERIA := {
primary: "Skill execution completes successfully",
quality: "Output meets quality thresholds",
verification: "Results validated against requirements"
} [ground:given] [conf:1.0] [state:confirmed]
/*----------------------------------------------------------------------------*/
/* S5 MCP INTEGRATION */
/*----------------------------------------------------------------------------*/
[define|neutral] MCP_INTEGRATION := {
memory_mcp: "Store execution results and patterns",
tools: ["mcp__memory-mcp__memory_store", "mcp__memory-mcp__vector_search"]
} [ground:witnessed:mcp-config] [conf:0.95] [state:confirmed]
/*----------------------------------------------------------------------------*/
/* S6 MEMORY NAMESPACE */
/*----------------------------------------------------------------------------*/
[define|neutral] MEMORY_NAMESPACE := {
pattern: "skills/security/security/{project}/{timestamp}",
store: ["executions", "decisions", "patterns"],
retrieve: ["similar_tasks", "proven_patterns"]
} [ground:system-policy] [conf:1.0] [state:confirmed]
[define|neutral] MEMORY_TAGGING := {
WHO: "security-{session_id}",
WHEN: "ISO8601_timestamp",
PROJECT: "{project_name}",
WHY: "skill-execution"
} [ground:system-policy] [conf:1.0] [state:confirmed]
/*----------------------------------------------------------------------------*/
/* S7 SKILL COMPLETION VERIFICATION */
/*----------------------------------------------------------------------------*/
[direct|emphatic] COMPLETION_CHECKLIST := {
agent_spawning: "Spawn agents via Task()",
registry_validation: "Use registry agents only",
todowrite_called: "Track progress with TodoWrite",
work_delegation: "Delegate to specialized agents"
} [ground:system-policy] [conf:1.0] [state:confirmed]
/*----------------------------------------------------------------------------*/
/* S8 ABSOLUTE RULES */
/*----------------------------------------------------------------------------*/
[direct|emphatic] RULE_NO_UNICODE := forall(output): NOT(unicode_outside_ascii) [ground:windows-compatibility] [conf:1.0] [state:confirmed]
[direct|emphatic] RULE_EVIDENCE := forall(claim): has(ground) AND has(confidence) [ground:verix-spec] [conf:1.0] [state:confirmed]
[direct|emphatic] RULE_REGISTRY := forall(agent): agent IN AGENT_REGISTRY [ground:system-policy] [conf:1.0] [state:confirmed]
/*----------------------------------------------------------------------------*/
/* PROMISE */
/*----------------------------------------------------------------------------*/
[commit|confident] <promise>SECURITY_VERILINGUA_VERIX_COMPLIANT</promise> [ground:self-validation] [conf:0.99] [state:confirmed]
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
DNYoussef/context-cascade
cognitive-mode
Comprehensive cognitive mode management skill for the VERILINGUA x VERIX x DSPy x GlobalMOO integration. Enables automatic mode selection, frame configuration, VERIX epistemic notation, and GlobalMOO optimization. Use this skill when configuring AI behavior for specific task types, optimizing prompt engineering, or ensuring epistemic consistency in responses.
DNYoussef/context-cascade
bootstrap-loop
DNYoussef/context-cascade
fix-bug
Fix bug command
DNYoussef/context-cascade
clarity-linter
DNYoussef/context-cascade
dependencies
DNYoussef/context-cascade
when-mapping-dependencies-use-dependency-mapper
Didn't find tool you were looking for?