V3 Security Overhaul
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation.
Install this agent skill to your Project
npx add-skill https://github.com/ruvnet/ruflo/tree/main/v3/@claude-flow/cli/.claude/skills/v3-security-overhaul
What This Skill Does
Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.
Quick Start
# Initialize V3 security domain (parallel)
Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect")
Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor")
Task("Security testing", "Implement TDD London School security framework", "test-architect")
Critical Security Fixes
CVE-1: Vulnerable Dependencies
npm update @anthropic-ai/claude-code@^2.0.31
npm audit --audit-level high
CVE-2: Weak Password Hashing
// ❌ Old: SHA-256 with hardcoded salt
const hash = crypto.createHash('sha256').update(password + salt).digest('hex');
// ✅ New: bcrypt with cost factor 12 (the library generates a random salt per hash)
import bcrypt from 'bcrypt';
const hash = await bcrypt.hash(password, 12);
CVE-3: Hardcoded Credentials
// ✅ Generate secure random credentials
import crypto from 'crypto';
const apiKey = crypto.randomBytes(32).toString('hex');
Security Patterns
Input Validation (Zod)
import { z } from 'zod';
const TaskSchema = z.object({
  taskId: z.string().uuid(),
  content: z.string().max(10000),
  agentType: z.enum(['security', 'core', 'integration'])
});
Path Sanitization
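import path from 'path';
// Defined here so the snippet is self-contained
class SecurityError extends Error {}
function securePath(userPath: string, allowedPrefix: string): string {
  const root = path.resolve(allowedPrefix);
  const resolved = path.resolve(root, userPath);
  // Compare on a separator boundary so a sibling such as "<root>-old" is rejected.
  // This is a lexical check only: symlinks under the root are not resolved.
  if (resolved !== root && !resolved.startsWith(root + path.sep)) {
    throw new SecurityError('Path traversal detected');
  }
  return resolved;
}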
Safe Command Execution
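import { execFile } from 'child_process';
import { promisify } from 'util';
// execFile is callback-based; promisify it so that await yields { stdout, stderr }
const execFileAsync = promisify(execFile);
// ✅ Safe: No shell interpretation (git still parses a userInput starting with '-' as an option, so validate it first)
const { stdout } = await execFileAsync('git', [userInput], { shell: false });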
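The following is an added example, not part of the skill's own code: one way to constrain what reaches `execFile`, so that the caller picks a subcommand from an allowlist and supplies only a validated revision name. The names `ALLOWED_SUBCOMMANDS`, `REF_PATTERN`, `buildGitArgs` and `runGit`, and the choice of subcommands and flags, are assumptions made for illustration.

```javascript
// Added example (assumed names): allowlisted argv construction for execFile.
// Read-only subcommands only, each with flags fixed by the application.
const ALLOWED_SUBCOMMANDS = {
  log: ['--oneline', '-n', '20'],
  show: ['--stat'],
};

// Conservative revision syntax: first character is alphanumeric (never '-'),
// the rest is limited to letters, digits, '.', '_', '/' and '-'.
const REF_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,199}$/;

function buildGitArgs(subcommand, ref) {
  // Own-property check, so inherited keys such as "constructor" do not pass.
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_SUBCOMMANDS, subcommand)) {
    throw new Error(`Subcommand not allowed: ${JSON.stringify(subcommand)}`);
  }
  // Ranges ("a..b") are rejected as well; this builder accepts one revision.
  if (typeof ref !== 'string' || !REF_PATTERN.test(ref) || ref.includes('..')) {
    throw new Error(`Invalid revision: ${JSON.stringify(ref)}`);
  }
  // The trailing '--' tells git that what precedes it is a revision, not a path.
  return [subcommand, ...ALLOWED_SUBCOMMANDS[subcommand], ref, '--'];
}

async function runGit(subcommand, ref, cwd) {
  const args = buildGitArgs(subcommand, ref); // throws before any process starts
  // Loaded lazily so buildGitArgs can be used and tested without spawning anything.
  const { execFile } = await import('node:child_process');
  const { promisify } = await import('node:util');
  const { stdout } = await promisify(execFile)('git', args, {
    cwd,
    shell: false,          // no shell, so metacharacters are never interpreted
    timeout: 10_000,       // bound runtime
    maxBuffer: 1024 * 1024 // bound output size
  });
  return stdout;
}
```

Validation runs before the process is spawned, so a rejected value never reaches git at all.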
Success Metrics
- Security Score: 90/100 (npm audit + custom scans)
- CVE Resolution: 100% of critical vulnerabilities fixed
- Test Coverage: >95% security-critical code
- Implementation: All secure patterns documented and tested