discover-security


Security Skills Discovery

Provides automatic access to comprehensive application security, vulnerability assessment, and security best practices skills.

When This Skill Activates

This skill auto-activates when you're working with:
  • Authentication and authorization systems
  • Input validation and sanitization
  • Security headers (CSP, HSTS, CORS)
  • Vulnerability scanning and penetration testing
  • OWASP Top 10 vulnerabilities
  • Secrets management (Vault, AWS Secrets Manager)
  • SQL injection, XSS, or other attack prevention
  • Security hardening and compliance
  • Password hashing and credential management
  • API security and access control

Available Skills

Quick Reference

The Security category contains 6 specialized skills:
  1. authentication - Authentication patterns (JWT, OAuth2, sessions, MFA, password security)
  2. authorization - Access control (RBAC, ABAC, policy engines, permissions)
  3. input-validation - Input validation and sanitization (SQL injection, XSS, command injection)
  4. security-headers - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS)
  5. vulnerability-assessment - Security testing (OWASP Top 10, scanning tools, pentesting)
  6. secrets-management - Secrets handling (Vault, AWS Secrets Manager, key rotation)

Load Full Category Details

For complete descriptions and workflows:
Read <cc-polymath-root>/skills/security/INDEX.md
This loads the full Security category index with:
  • Detailed skill descriptions
  • Usage triggers for each skill
  • Common workflow combinations
  • Cross-references to related skills

Load Specific Skills

Load individual skills as needed:

Identity and access

Read <cc-polymath-root>/skills/security/authentication.md
Read <cc-polymath-root>/skills/security/authorization.md

Input security

Read <cc-polymath-root>/skills/security/input-validation.md
Read <cc-polymath-root>/skills/security/security-headers.md

Security operations

Read <cc-polymath-root>/skills/security/vulnerability-assessment.md
Read <cc-polymath-root>/skills/security/secrets-management.md

Common Workflows

Secure Web Application

Sequence: Authentication → Authorization → Input validation → Security headers
Read <cc-polymath-root>/skills/security/authentication.md        # User login
Read <cc-polymath-root>/skills/security/authorization.md         # Access control
Read <cc-polymath-root>/skills/security/input-validation.md      # XSS/SQL injection prevention
Read <cc-polymath-root>/skills/security/security-headers.md      # Browser protection

Security Audit

Sequence: Vulnerability assessment → Input validation → Headers → Secrets
Read <cc-polymath-root>/skills/security/vulnerability-assessment.md  # OWASP Top 10 testing
Read <cc-polymath-root>/skills/security/input-validation.md          # Injection testing
Read <cc-polymath-root>/skills/security/security-headers.md          # Header configuration
Read <cc-polymath-root>/skills/security/secrets-management.md        # Credential security

API Security

Sequence: Authentication → Authorization → Input validation → Secrets
Read <cc-polymath-root>/skills/security/authentication.md        # JWT/OAuth2
Read <cc-polymath-root>/skills/security/authorization.md         # API access control
Read <cc-polymath-root>/skills/security/input-validation.md      # Request validation
Read <cc-polymath-root>/skills/security/secrets-management.md    # API key management

DevSecOps Pipeline

Sequence: Vulnerability assessment → Secrets → Input validation
Read <cc-polymath-root>/skills/security/vulnerability-assessment.md  # Security scanning
Read <cc-polymath-root>/skills/security/secrets-management.md        # CI/CD secrets
Read <cc-polymath-root>/skills/security/input-validation.md          # SAST validation

Secure New Application

Full security implementation from scratch:

1. Identity and access

Read <cc-polymath-root>/skills/security/authentication.md
Read <cc-polymath-root>/skills/security/authorization.md

2. Input protection

Read <cc-polymath-root>/skills/security/input-validation.md
Read <cc-polymath-root>/skills/security/security-headers.md

3. Operations

Read <cc-polymath-root>/skills/security/secrets-management.md
Read <cc-polymath-root>/skills/security/vulnerability-assessment.md

Skill Selection Guide

Choose Authentication when:
  • Implementing user login systems
  • Working with JWT, OAuth2, or sessions
  • Adding multi-factor authentication
  • Managing passwords and credentials
Choose Authorization when:
  • Implementing access control
  • Building role-based permissions (RBAC)
  • Working with policy engines (OPA, Casbin)
  • Preventing privilege escalation
Choose Input Validation when:
  • Processing user input
  • Preventing SQL injection
  • Protecting against XSS attacks
  • Validating file uploads
  • Preventing command injection
Choose Security Headers when:
  • Configuring Content Security Policy (CSP)
  • Implementing HTTPS enforcement (HSTS)
  • Setting up CORS for APIs
  • Preventing clickjacking
  • Hardening web applications
Choose Vulnerability Assessment when:
  • Testing for OWASP Top 10
  • Running security scans (SAST/DAST)
  • Performing penetration tests
  • Auditing application security
  • Setting up security CI/CD
Choose Secrets Management when:
  • Storing API keys or credentials
  • Integrating with HashiCorp Vault
  • Using AWS Secrets Manager or GCP Secret Manager
  • Rotating encryption keys
  • Managing CI/CD secrets

Integration with Other Skills

Security skills commonly combine with:
API skills (discover-api):
  • API authentication and authorization
  • API input validation
  • API rate limiting (abuse prevention)
  • Securing REST and GraphQL endpoints
Database skills (discover-database):
  • SQL injection prevention
  • Database connection security
  • Credential management
  • Row-level security
Frontend skills (discover-frontend):
  • XSS prevention in React/Vue
  • Content Security Policy
  • Secure cookie handling
  • Client-side validation
Infrastructure skills (discover-infrastructure, discover-cloud):
  • Secrets management in deployments
  • Network security
  • Container security scanning
  • TLS/SSL configuration
Testing skills (discover-testing):
  • Security integration tests
  • Penetration testing
  • Automated security scans
  • Vulnerability regression tests

Usage Instructions

  1. Auto-activation: This skill loads automatically when Claude Code detects security-related work
  2. Browse skills: Run Read <cc-polymath-root>/skills/security/INDEX.md for the full category overview
  3. Load specific skills: Use bash commands above to load individual skills
  4. Follow workflows: Use recommended sequences for common security patterns
  5. Combine skills: Load multiple skills for comprehensive security coverage

Progressive Loading

This gateway skill (~200 lines, ~2K tokens) enables progressive loading:
  • Level 1: Gateway loads automatically (you're here now)
  • Level 2: Load category INDEX.md (~3K tokens) for full overview
  • Level 3: Load specific skills (~2-4K tokens each) as needed
Total context: 2K + 3K + skill(s) = 5-12K tokens vs 30K+ for entire index.

Quick Start Examples

"Implement user authentication": Read <cc-polymath-root>/skills/security/authentication.md
"Add role-based access control": Read <cc-polymath-root>/skills/security/authorization.md
"Prevent SQL injection": Read <cc-polymath-root>/skills/security/input-validation.md
"Configure Content Security Policy": Read <cc-polymath-root>/skills/security/security-headers.md
"Test for OWASP vulnerabilities": Read <cc-polymath-root>/skills/security/vulnerability-assessment.md
"Integrate HashiCorp Vault": Read <cc-polymath-root>/skills/security/secrets-management.md
"Secure API with JWT":
Read <cc-polymath-root>/skills/security/authentication.md
Read <cc-polymath-root>/skills/security/authorization.md

Next Steps: Run Read <cc-polymath-root>/skills/security/INDEX.md to see full category details, or load specific skills using the bash commands above.