Back to Details

skill-name

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese
<!-- PROGRESSIVE DISCLOSURE GUIDELINES: - Keep this SKILL.md file under 500 lines - Only include core workflows and common patterns here - Move detailed content to references/ directory - Link clearly to when references should be consulted - See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples - Challenge every sentence: "Does Claude really need this?" -->
<!-- 渐进式披露指南: - 保持此SKILL.md文件不超过500行 - 仅在此处包含核心工作流和常见模式 - 将详细内容移至references/目录 - 明确链接到需要查阅参考资料的场景 - 示例见:references/WORKFLOW_CHECKLIST.md中的工作流模式示例 - 对每句话进行斟酌:“Claude真的需要这些内容吗?” -->

Skill Name

技能名称

Overview

概述

Brief overview of what this skill provides and its security operations context.
简要说明该技能提供的功能及其安全运维场景。

Quick Start

快速开始

Provide the minimal example to get started immediately:
bash
undefined
提供可立即上手的最简示例:
bash
undefined

Example command or workflow

示例命令或工作流

tool-name --option value
undefined
tool-name --option value
undefined

Core Workflow

核心工作流

Sequential Workflow

顺序工作流

For straightforward step-by-step operations:
  1. First action with specific command or operation
  2. Second action with expected output or validation
  3. Third action with decision points if needed
适用于简单的分步操作:
  1. 执行首个操作(含具体命令或操作步骤)
  2. 执行第二个操作并验证预期输出
  3. 如有需要,执行第三个操作并设置决策点

Workflow Checklist (for complex operations)

工作流检查清单(适用于复杂操作)

For complex multi-step operations, use a checkable workflow:
Progress: [ ] 1. Initial setup and configuration [ ] 2. Run primary security scan or analysis [ ] 3. Review findings and classify by severity [ ] 4. Apply remediation patterns [ ] 5. Validate fixes with re-scan [ ] 6. Document findings and generate report
Work through each step systematically. Check off completed items.
For more workflow patterns, see references/WORKFLOW_CHECKLIST.md
针对复杂的多步骤操作,使用可勾选的工作流:
进度: [ ] 1. 初始设置与配置 [ ] 2. 运行核心安全扫描或分析 [ ] 3. 查看发现结果并按严重程度分类 [ ] 4. 应用修复方案 [ ] 5. 重新扫描以验证修复效果 [ ] 6. 记录发现结果并生成报告
按系统顺序完成每个步骤,勾选已完成的项。
更多工作流模式,请查看references/WORKFLOW_CHECKLIST.md

Feedback Loop Pattern (for validation)

反馈循环模式(适用于验证场景)

When validation and iteration are needed:
  1. Generate initial output (configuration, code, etc.)
  2. Run validation: 
    ./scripts/validator_example.py output.yaml
  3. Review validation errors and warnings
  4. Fix identified issues
  5. Repeat steps 2-4 until validation passes
  6. Apply the validated output
Note: Move detailed validation criteria to 
references/
if complex.
当需要进行验证和迭代时:
  1. 生成初始输出(配置、代码等)
  2. 运行验证:
    ./scripts/validator_example.py output.yaml
  3. 查看验证错误与警告
  4. 修复已识别的问题
  5. 重复步骤2-4直至验证通过
  6. 应用已验证的输出
注意:若验证标准较为复杂,请将详细内容移至
references/
目录。

Security Considerations

安全注意事项

  • Sensitive Data Handling: Guidance on handling secrets, credentials, PII
  • Access Control: Required permissions and authorization contexts
  • Audit Logging: What should be logged for security auditing
  • Compliance: Relevant compliance requirements (SOC2, GDPR, etc.)
  • 敏感数据处理:关于密钥、凭证、PII(个人可识别信息)的处理指南
  • 访问控制:所需权限与授权场景
  • 审计日志:安全审计需记录的内容
  • 合规性:相关合规要求(如SOC2、GDPR等)

Bundled Resources

捆绑资源

Scripts (
scripts/
)

脚本(
scripts/
目录)

Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.
  • example_script.py
    - Python script template with argparse, error handling, and JSON output
  • example_script.sh
    - Bash script template with argument parsing and colored output
  • validator_example.py
    - Validation script demonstrating feedback loop pattern
When to use scripts:
  • Deterministic operations that must be consistent
  • Complex parsing or data transformation
  • Validation and quality checks
用于确定性操作的可执行脚本。脚本适用于需要一致性的低自由度操作。
  • example_script.py
    - 带有argparse、错误处理和JSON输出的Python脚本模板
  • example_script.sh
    - 带有参数解析和彩色输出的Bash脚本模板
  • validator_example.py
    - 演示反馈循环模式的验证脚本
脚本适用场景
  • 必须保持一致性的确定性操作
  • 复杂解析或数据转换
  • 验证与质量检查

References (
references/
)

参考资料(
references/
目录)

On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.
  • EXAMPLE.md
    - Template for reference documentation with security standards sections
  • WORKFLOW_CHECKLIST.md
    - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)
When to use references:
  • Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
  • Advanced configuration options
  • Language-specific patterns
  • Content exceeding 100 lines
按需加载的文档。将详细内容移至此处可保持SKILL.md简洁。
  • EXAMPLE.md
    - 带有安全标准章节的参考文档模板
  • WORKFLOW_CHECKLIST.md
    - 多种工作流模式示例(顺序、条件、迭代、反馈循环)
参考资料适用场景
  • 详细的框架映射(OWASP、CWE、MITRE ATT&CK)
  • 高级配置选项
  • 特定语言模式
  • 内容超过100行的文档

Assets (
assets/
)

资源文件(
assets/
目录)

Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.
  • ci-config-template.yml
    - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection
  • rule-template.yaml
    - Security rule template with OWASP/CWE mappings and remediation guidance
When to use assets:
  • Configuration templates
  • Policy templates
  • Boilerplate secure code
  • CI/CD pipeline examples
输出中使用的模板与配置文件(不会加载到上下文)。这些文件仅被引用,需用时才会读取。
  • ci-config-template.yml
    - 增强安全的CI/CD流水线模板,包含SAST、依赖项扫描、密钥检测
  • rule-template.yaml
    - 带有OWASP/CWE映射和修复指导的安全规则模板
资源文件适用场景
  • 配置模板
  • 策略模板
  • 安全代码样板
  • CI/CD流水线示例

Common Patterns

常见模式

Pattern 1: [Pattern Name]

模式1:[模式名称]

Description and example of common usage pattern.
常见使用模式的说明与示例。

Pattern 2: [Pattern Name]

模式2:[模式名称]

Additional patterns as needed.
按需添加更多模式。

Integration Points

集成点

  • CI/CD: How this integrates with build pipelines
  • Security Tools: Compatible security scanning/monitoring tools
  • SDLC: Where this fits in the secure development lifecycle
  • CI/CD:该技能与构建流水线的集成方式
  • 安全工具:兼容的安全扫描/监控工具
  • SDLC:该技能在安全开发生命周期中的位置

Troubleshooting

故障排除

Issue: [Common Problem]

问题:[常见问题]

Solution: Steps to resolve.
解决方案:解决步骤。

References

参考链接