Back to Details

sparkfinderoven-r01-security-compliance-skills

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

🔒 Security & Compliance Skills Suite

🔒 安全与合规技能套件

Skill by ara.so — Security Skills collection.
This skill suite provides AI coding agents with expertise in security auditing, vulnerability management, compliance frameworks (GDPR/SOC2/ISO27001), and incident response. Derived from hesreallyhim/awesome-claude-code, it offers 10 specialized commands and 5 multi-step workflows with structured output.
ara.so开发的技能——安全技能合集。
该技能套件为AI编码Agent提供安全审计、漏洞管理、合规框架(GDPR/SOC2/ISO27001)和事件响应方面的专业能力。衍生自hesreallyhim/awesome-claude-code,提供10个专用命令和5个带结构化输出的多步骤工作流。

What This Project Does

项目功能

The r01-security-compliance-skills suite enables:
  • OWASP Top-10 vulnerability scanning with CVSS scoring and remediation guidance
  • Dependency CVE detection with exploitability analysis and upgrade paths
  • Compliance auditing for GDPR, SOC 2, ISO 27001 frameworks
  • Threat modeling using STRIDE methodology
  • IAM least-privilege auditing for over-permissioned roles
  • Secret detection with pre-commit hooks and entropy scanning
  • Incident response playbooks for breach scenarios
r01-security-compliance-skills套件支持:
  • 带CVSS评分和修复指导的OWASP Top 10漏洞扫描
  • 带可利用性分析和升级路径的依赖项CVE检测
  • GDPR、SOC 2、ISO 27001框架的合规审计
  • 使用STRIDE方法论的威胁建模
  • 针对权限过度角色的IAM最小权限审计
  • 带预提交钩子和熵扫描的密钥检测
  • 针对入侵场景的事件响应剧本

Installation

安装

Local Installation

本地安装

bash
undefined
bash
undefined

Clone to Claude Code skills directory

克隆到Claude Code技能目录

mkdir -p ~/.claude/skills cd ~/.claude/skills git clone https://github.com/sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git
mkdir -p ~/.claude/skills cd ~/.claude/skills git clone https://github.com/sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git

Or copy into existing skills directory

或复制到现有技能目录

cp -r /path/to/r01-security-compliance-skills ~/.claude/skills/
undefined
cp -r /path/to/r01-security-compliance-skills ~/.claude/skills/
undefined

Register with Claude Code

在Claude Code中注册

bash
undefined
bash
undefined

In a Claude Code session, load the skill:

在Claude Code会话中加载技能:

/read ~/.claude/skills/r01-hesreallyhim-awesome-claude-code-security/SKILL.md
undefined
/read ~/.claude/skills/r01-hesreallyhim-awesome-claude-code-security/SKILL.md
undefined

Verify Installation

验证安装

bash
undefined
bash
undefined

Check available commands

查看可用命令

/help security
/help security

Test with a simple scan

用简单扫描测试

/owasp-scan --target ./src --dry-run
undefined
/owasp-scan --target ./src --dry-run
undefined

Core Commands

核心命令

/owasp-scan
- OWASP Top-10 Code Scanning

/owasp-scan
- OWASP Top 10代码扫描

Scans code for OWASP Top-10 vulnerabilities with exploit descriptions and CVSS scores.
bash
undefined
扫描代码中的OWASP Top 10漏洞,附带漏洞利用描述和CVSS评分。
bash
undefined

Scan entire project

扫描整个项目

/owasp-scan .
/owasp-scan .

Scan specific directory with custom rules

使用自定义规则扫描指定目录

/owasp-scan ./api --rules owasp-top-10-2021 --severity high
/owasp-scan ./api --rules owasp-top-10-2021 --severity high

Output JSON report

输出JSON报告

/owasp-scan ./src --output json > security-report.json

**Example Output Structure:**
OWASP Scan Results — ./api ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✓ Files scanned: 47 ✓ Checks run: 14 ⚠ Findings: 3 critical, 5 high, 12 medium
CRITICAL FINDINGS ┌──────┬─────────────────────────────┬──────┬──────────────┐ │ ID │ Issue │ CVSS │ Location │ ├──────┼─────────────────────────────┼──────┼──────────────┤ │ A03 │ SQL Injection │ 9.8 │ api/search.js│ │ A07 │ JWT None Algorithm Accepted │ 9.1 │ auth/jwt.js │ └──────┴─────────────────────────────┴──────┴──────────────┘
REMEDIATION (Critical Priority) • SQL Injection: Use parameterized queries
  • Replace: db.query(
    SELECT * FROM users WHERE id=${id}
    )
  • With: db.query('SELECT * FROM users WHERE id=?', [id])
undefined
/owasp-scan ./src --output json > security-report.json

**示例输出结构:**
OWASP Scan Results — ./api ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✓ 扫描文件数: 47 ✓ 执行检查数: 14 ⚠ 发现问题: 3个严重,5个高危,12个中危
严重问题 ┌──────┬─────────────────────────────┬──────┬──────────────┐ │ ID │ 问题描述 │ CVSS │ 位置 │ ├──────┼─────────────────────────────┼──────┼──────────────┤ │ A03 │ SQL注入 │ 9.8 │ api/search.js│ │ A07 │ JWT接受None算法 │ 9.1 │ auth/jwt.js │ └──────┴─────────────────────────────┴──────┴──────────────┘
修复建议(最高优先级) • SQL注入:使用参数化查询
  • 替换: db.query(
    SELECT * FROM users WHERE id=${id}
    )
  • 改为: db.query('SELECT * FROM users WHERE id=?', [id])
undefined

/dep-cve
- Dependency CVE Scanning

/dep-cve
- 依赖项CVE扫描

Analyzes dependencies for known CVEs with exploitability scores.
bash
undefined
分析依赖项中的已知CVE,附带可利用性评分。
bash
undefined

Scan package.json dependencies

扫描package.json依赖项

/dep-cve --file package.json
/dep-cve --file package.json

Full recursive scan with dev dependencies

包含开发依赖项的完整递归扫描

/dep-cve --scope full --include-dev
/dep-cve --scope full --include-dev

Check specific package

检查特定包

/dep-cve --package express@4.17.1

**Example Integration:**
```javascript
// In package.json scripts
{
  "scripts": {
    "security:deps": "claude-code /dep-cve --scope full --output md > SECURITY.md",
    "precommit": "claude-code /dep-cve --severity critical --exit-code"
  }
}
/dep-cve --package express@4.17.1

**示例集成:**
```javascript
// 在package.json的scripts中
{
  "scripts": {
    "security:deps": "claude-code /dep-cve --scope full --output md > SECURITY.md",
    "precommit": "claude-code /dep-cve --severity critical --exit-code"
  }
}

/gdpr-audit
- GDPR Compliance Auditing

/gdpr-audit
- GDPR合规审计

Maps data flows, identifies consent gaps, and generates DPA checklists.
bash
undefined
映射数据流、识别同意缺口并生成DPA检查表。
bash
undefined

Full GDPR audit

完整GDPR审计

/gdpr-audit --scope full
/gdpr-audit --scope full

Audit specific data category

审计特定数据类别

/gdpr-audit --category personal-data --output report
/gdpr-audit --category personal-data --output report

Check consent mechanisms

检查同意机制

/gdpr-audit --focus consent --include-cookies

**Configuration File (`.gdpr-config.yml`):**
```yaml
data_inventory:
  - category: personal_identifiable
    fields: [email, name, phone]
    storage: postgresql
    retention_days: 365
    legal_basis: consent
  
  - category: tracking
    fields: [ip_address, user_agent, session_id]
    storage: redis
    retention_days: 90
    legal_basis: legitimate_interest

consent_mechanisms:
  - type: cookie_banner
    granular: true
    documented: true
  
processors:
  - name: AWS
    dpa_signed: true
    location: eu-west-1
/gdpr-audit --focus consent --include-cookies

**配置文件 (`.gdpr-config.yml`):**
```yaml
data_inventory:
  - category: personal_identifiable
    fields: [email, name, phone]
    storage: postgresql
    retention_days: 365
    legal_basis: consent
  
  - category: tracking
    fields: [ip_address, user_agent, session_id]
    storage: redis
    retention_days: 90
    legal_basis: legitimate_interest

consent_mechanisms:
  - type: cookie_banner
    granular: true
    documented: true
  
processors:
  - name: AWS
    dpa_signed: true
    location: eu-west-1

/soc2-readiness
- SOC 2 Compliance Gap Analysis

/soc2-readiness
- SOC 2合规差距分析

Evaluates readiness across all 5 Trust Service Criteria (TSC).
bash
undefined
评估所有5项信任服务标准(TSC)的就绪情况。
bash
undefined

Full SOC 2 Type II assessment

完整SOC 2 Type II评估

/soc2-readiness --type type2
/soc2-readiness --type type2

Focus on specific criteria

聚焦特定标准

/soc2-readiness --criteria security,availability
/soc2-readiness --criteria security,availability

Generate evidence requirements

生成证据要求

/soc2-readiness --output evidence-matrix

**Example Report:**
SOC 2 Readiness Assessment ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Overall Score: 67% (Needs Improvement)
TRUST SERVICE CRITERIA ┌────────────────┬────────┬──────┬────────────────┐ │ Criteria │ Score │ Gaps │ Priority │ ├────────────────┼────────┼──────┼────────────────┤ │ Security │ 78% │ 4 │ Medium │ │ Availability │ 45% │ 9 │ 🔴 Critical │ │ Processing │ 72% │ 3 │ Low │ │ Confidentiality│ 89% │ 1 │ Low │ │ Privacy │ 54% │ 7 │ High │ └────────────────┴────────┴──────┴────────────────┘
CRITICAL GAPS (Availability) • No documented disaster recovery plan • RTO/RPO not defined for production systems • Backup restoration not tested in last 90 days
undefined
/soc2-readiness --output evidence-matrix

**示例报告:**
SOC 2就绪评估 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 总体得分: 67%(需要改进)
信任服务标准 ┌────────────────┬────────┬──────┬────────────────┐ │ 标准 │ 得分 │ 差距 │ 优先级 │ ├────────────────┼────────┼──────┼────────────────┤ │ 安全性 │ 78% │ 4 │ 中 │ │ 可用性 │ 45% │ 9 │ 🔴 严重 │ │ 处理流程 │ 72% │ 3 │ 低 │ │ 保密性 │ 89% │ 1 │ 低 │ │ 隐私性 │ 54% │ 7 │ 高 │ └────────────────┴────────┴──────┴────────────────┘
严重差距(可用性) • 无文档化的灾难恢复计划 • 未定义生产系统的RTO/RPO • 过去90天未测试备份恢复
undefined

/threat-model
- STRIDE Threat Modeling

/threat-model
- STRIDE威胁建模

Generates STRIDE-based threat models with risk matrices.
bash
undefined
生成基于STRIDE的威胁模型和风险矩阵。
bash
undefined

Create threat model from architecture diagram

从架构图创建威胁模型

/threat-model --input architecture.png
/threat-model --input architecture.png

Text-based architecture description

基于文本的架构描述

/threat-model --architecture "Web app → API Gateway → Lambda → RDS"
/threat-model --architecture "Web app → API Gateway → Lambda → RDS"

Update existing model

更新现有模型

/threat-model --update ./docs/threat-model.md --new-component "Redis Cache"

**Example Threat Model:**
```markdown
/threat-model --update ./docs/threat-model.md --new-component "Redis Cache"

**示例威胁模型:**
```markdown

Threat Model — Payment Processing System

威胁模型 — 支付处理系统

Architecture

架构

User → HTTPS → Load Balancer → API Server → PostgreSQL ↓ Payment Gateway (Stripe)
用户 → HTTPS → 负载均衡器 → API服务器 → PostgreSQL ↓ 支付网关(Stripe)

STRIDE Analysis

STRIDE分析

Spoofing

伪造(Spoofing)

🔴 HIGH | User authentication bypass via JWT manipulation
  • Mitigation: Implement RS256 with key rotation
  • Status: Open
🔴 高风险 | 通过JWT操纵绕过用户认证
  • 缓解措施:实现带密钥轮换的RS256
  • 状态:未处理

Tampering

篡改(Tampering)

🟠 MEDIUM | SQL injection in payment history endpoint
  • Mitigation: Use parameterized queries + ORM
  • Status: In Review
🟠 中风险 | 支付历史端点存在SQL注入
  • 缓解措施:使用参数化查询 + ORM
  • 状态:审核中

Repudiation

抵赖(Repudiation)

🟡 LOW | Insufficient audit logging on failed payments
  • Mitigation: Log all payment attempts with user context
  • Status: Planned
🟡 低风险 | 失败支付的审计日志不足
  • 缓解措施:记录所有带用户上下文的支付尝试
  • 状态:计划中

Information Disclosure

信息泄露(Information Disclosure)

🔴 HIGH | Credit card data in application logs
  • Mitigation: PCI-DSS compliant logging, tokenization
  • Status: Open
🔴 高风险 | 应用日志中包含信用卡数据
  • 缓解措施:符合PCI-DSS的日志记录、令牌化
  • 状态:未处理

Denial of Service

拒绝服务(Denial of Service)

🟠 MEDIUM | No rate limiting on payment API
  • Mitigation: Implement rate limiting (10 req/min per user)
  • Status: In Progress
🟠 中风险 | 支付API无速率限制
  • 缓解措施:实现速率限制(每个用户10次请求/分钟)
  • 状态:进行中

Elevation of Privilege

权限提升(Elevation of Privilege)

🟡 LOW | Admin role has excessive database permissions
  • Mitigation: Principle of least privilege review
  • Status: Planned
undefined
🟡 低风险 | 管理员角色拥有过多数据库权限
  • 缓解措施:最小权限原则审核
  • 状态:计划中
undefined

/secret-detect
- Secret Detection Configuration

/secret-detect
- 密钥检测配置

Configures pre-commit hooks for secret scanning with entropy analysis.
bash
undefined
配置带熵分析的预提交钩子用于密钥扫描。
bash
undefined

Initialize secret detection

初始化密钥检测

/secret-detect --init
/secret-detect --init

Scan existing codebase

扫描现有代码库

/secret-detect --scan-history
/secret-detect --scan-history

Configure custom patterns

配置自定义规则

/secret-detect --add-pattern "CUSTOM_API_KEY_[A-Za-z0-9]{32}"

**Generated Pre-commit Hook (`.git/hooks/pre-commit`):**
```bash
#!/bin/bash
/secret-detect --add-pattern "CUSTOM_API_KEY_[A-Za-z0-9]{32}"

**生成的预提交钩子 (`.git/hooks/pre-commit`):**
```bash
#!/bin/bash

Auto-generated by /secret-detect

由/secret-detect自动生成

echo "Running secret detection..."
echo "Running secret detection..."

High-entropy string detection

高熵字符串检测

git diff --cached --name-only | xargs -I {} sh -c ' if grep -E "[A-Za-z0-9+/]{40,}" {} > /dev/null 2>&1; then echo "⚠️ High-entropy string detected in: {}" echo " This may be a secret. Review before committing." exit 1 fi '
git diff --cached --name-only | xargs -I {} sh -c ' if grep -E "[A-Za-z0-9+/]{40,}" {} > /dev/null 2>&1; then echo "⚠️ High-entropy string detected in: {}" echo " This may be a secret. Review before committing." exit 1 fi '

Known secret patterns

已知密钥规则

PATTERNS=( "AKIA[0-9A-Z]{16}" # AWS Access Key "sk_live_[0-9a-zA-Z]{24}" # Stripe Live Key "ghp_[0-9a-zA-Z]{36}" # GitHub Personal Access Token "xox[baprs]-[0-9a-zA-Z]{10,48}" # Slack Token "-----BEGIN (RSA|OPENSSH) PRIVATE KEY" # Private Keys )
for pattern in "${PATTERNS[@]}"; do if git diff --cached | grep -E "$pattern" > /dev/null 2>&1; then echo "🔴 SECRET DETECTED: Pattern '$pattern'" echo " Remove secret and use environment variables instead." exit 1 fi done
echo "✓ No secrets detected"
undefined
PATTERNS=( "AKIA[0-9A-Z]{16}" # AWS Access Key "sk_live_[0-9a-zA-Z]{24}" # Stripe Live Key "ghp_[0-9a-zA-Z]{36}" # GitHub Personal Access Token "xox[baprs]-[0-9a-zA-Z]{10,48}" # Slack Token "-----BEGIN (RSA|OPENSSH) PRIVATE KEY" # 私钥 )
for pattern in "${PATTERNS[@]}"; do if git diff --cached | grep -E "$pattern" > /dev/null 2>&1; then echo "🔴 SECRET DETECTED: Pattern '$pattern'" echo " Remove secret and use environment variables instead." exit 1 fi done
echo "✓ No secrets detected"
undefined

/iam-audit
- IAM Least-Privilege Auditing

/iam-audit
- IAM最小权限审计

Audits IAM roles for over-permissions, stale access, and MFA gaps.
bash
undefined
审计IAM角色的权限过度、过期访问和MFA缺口。
bash
undefined

Full IAM audit

完整IAM审计

/iam-audit
/iam-audit

Audit specific AWS account

审计特定AWS账户

/iam-audit --provider aws --account-id 123456789012
/iam-audit --provider aws --account-id 123456789012

Check for unused permissions

检查未使用的权限

/iam-audit --focus unused-permissions --days 90

**Example Output:**
IAM Audit Results ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
OVER-PERMISSIONED ROLES ┌────────────────┬──────────────┬────────────────┐ │ Role │ Risk Level │ Issue │ ├────────────────┼──────────────┼────────────────┤ │ dev-full-access│ 🔴 Critical │ Admin wildcard │ │ lambda-exec │ 🟠 High │ s3:* on all │ │ ec2-instance │ 🟡 Medium │ Unused RDS │ └────────────────┴──────────────┴────────────────┘
STALE ACCESS (90+ days inactive) • user@example.com — Last login: 147 days ago • service-account-old — Last used: 203 days ago
MFA GAPS • 3 admin users without MFA enabled • 12 privileged roles without MFA requirement
RECOMMENDATIONS
  1. Replace dev-full-access with scoped policies
  2. Remove s3:* from lambda-exec, grant specific bucket access
  3. Deprovision stale accounts within 7 days
  4. Enforce MFA for all admin and privileged access
undefined
/iam-audit --focus unused-permissions --days 90

**示例输出:**
IAM审计结果 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
权限过度的角色 ┌────────────────┬──────────────┬────────────────┐ │ 角色 │ 风险等级 │ 问题描述 │ ├────────────────┼──────────────┼────────────────┤ │ dev-full-access│ 🔴 严重 │ 管理员通配符权限│ │ lambda-exec │ 🟠 高风险 │ 全S3权限 │ │ ec2-instance │ 🟡 中风险 │ 未使用的RDS权限│ └────────────────┴──────────────┴────────────────┘
过期访问(90天以上未活跃) • user@example.com — 上次登录:147天前 • service-account-old — 上次使用:203天前
MFA缺口 • 3个管理员用户未启用MFA • 12个特权角色未要求MFA
建议
  1. 用范围限定的策略替换dev-full-access
  2. 移除lambda-exec的s3:*权限,授予特定存储桶访问权
  3. 7天内淘汰过期账户
  4. 强制所有管理员和特权访问启用MFA
undefined

/incident-playbook
- Security Incident Response

/incident-playbook
- 安全事件响应

Generates structured incident response playbooks.
bash
undefined
生成结构化的事件响应剧本。
bash
undefined

Create playbook for incident type

创建特定事件类型的剧本

/incident-playbook --type data-breach
/incident-playbook --type data-breach

Interactive incident response

交互式事件响应

/incident-playbook --interactive --severity critical
/incident-playbook --interactive --severity critical

Load existing incident

加载现有事件

/incident-playbook --load INC-2024-001

**Example Playbook:**
```markdown
/incident-playbook --load INC-2024-001

**示例剧本:**
```markdown

Security Incident Playbook — Data Breach

安全事件剧本 — 数据泄露

1. TRIAGE (0-15 minutes)

1. 分类(0-15分钟)

Immediate Actions

立即行动

  • Activate incident response team
  • Establish secure communication channel
  • Document initial discovery and scope
  • Assign incident commander
  • 激活事件响应团队
  • 建立安全沟通渠道
  • 记录初始发现和范围
  • 指定事件指挥官

Initial Assessment

初始评估

  • Identify affected systems
  • Estimate number of records exposed
  • Classify data sensitivity (PII, PCI, PHI, etc.)
  • Determine if breach is ongoing
  • 识别受影响系统
  • 估算泄露记录数量
  • 分类数据敏感度(PII、PCI、PHI等)
  • 判断泄露是否正在进行

2. CONTAIN (15-60 minutes)

2. 遏制(15-60分钟)

Stop Active Breach

停止活跃泄露

  • Isolate compromised systems from network
  • Rotate all credentials with access to affected systems
  • Block suspicious IP addresses at firewall
  • Disable compromised user accounts
  • 将受感染系统从网络隔离
  • 轮换所有受影响系统的凭证
  • 在防火墙处阻止可疑IP地址
  • 禁用受感染用户账户

Preserve Evidence

保留证据

  • Take disk snapshots of affected systems
  • Collect network logs and traffic captures
  • Document all actions with timestamps
  • Maintain chain of custody
  • 对受影响系统进行磁盘快照
  • 收集网络日志和流量捕获
  • 记录所有带时间戳的操作
  • 维护证据链

3. ERADICATE (1-4 hours)

3. 根除(1-4小时)

Remove Threat

移除威胁

  • Identify root cause and attack vector
  • Patch exploited vulnerabilities
  • Remove malware/backdoors
  • Rebuild compromised systems from clean images
  • 识别根本原因和攻击向量
  • 修补被利用的漏洞
  • 移除恶意软件/后门
  • 从干净镜像重建受感染系统

Verify Clean State

验证清洁状态

  • Run full security scans
  • Check for persistence mechanisms
  • Review user accounts for unauthorized access
  • Audit configuration changes
  • 运行完整安全扫描
  • 检查持久化机制
  • 审查用户账户是否存在未授权访问
  • 审计配置变更

4. RECOVER (4-24 hours)

4. 恢复(4-24小时)

Restore Operations

恢复运营

  • Bring systems back online in controlled manner
  • Monitor for signs of reinfection
  • Restore data from clean backups if needed
  • Update security controls based on lessons learned
  • 以受控方式恢复系统上线
  • 监控再次感染迹象
  • 如有需要从干净备份恢复数据
  • 根据经验教训更新安全控制

Communication

沟通

  • Notify affected users within 72 hours (GDPR)
  • File breach notification with regulators
  • Coordinate with legal and PR teams
  • Prepare public statement if required
  • 72小时内通知受影响用户(GDPR要求)
  • 向监管机构提交泄露通知
  • 与法务和公关团队协调
  • 准备必要的公开声明

5. LESSONS LEARNED (1-2 weeks post-incident)

5. 经验总结(事件后1-2周)

Post-Mortem

事后分析

  • Conduct blameless post-mortem
  • Document timeline and decisions
  • Identify preventive measures
  • Update incident response plan
  • Schedule security training
  • 开展无责事后分析
  • 记录时间线和决策
  • 识别预防措施
  • 更新事件响应计划
  • 安排安全培训

Metrics

指标

  • Detection time: ___
  • Containment time: ___
  • Recovery time: ___
  • Records affected: ___
  • Estimated cost: ___
undefined
  • 检测时间: ___
  • 遏制时间: ___
  • 恢复时间: ___
  • 受影响记录数: ___
  • 估算成本: ___
undefined

/pentest-report
- Penetration Test Reporting

/pentest-report
- 渗透测试报告

Structures penetration test findings into executive and technical reports.
bash
undefined
将渗透测试发现整理为高管报告和技术报告。
bash
undefined

Generate report from findings

从发现结果生成报告

/pentest-report --input findings.json
/pentest-report --input findings.json

Create executive summary

创建高管摘要

/pentest-report --type executive --audience board
/pentest-report --type executive --audience board

Technical deep-dive

技术深度分析

/pentest-report --type technical --include-exploits
undefined
/pentest-report --type technical --include-exploits
undefined

/privacy-policy
- Privacy Policy Generator

/privacy-policy
- 隐私政策生成器

Generates GDPR/CCPA-compliant privacy policies from data inventory.
bash
undefined
从数据清单生成符合GDPR/CCPA的隐私政策。
bash
undefined

Generate from data inventory

从数据清单生成

/privacy-policy --input data-inventory.yml
/privacy-policy --input data-inventory.yml

Update existing policy

更新现有政策

/privacy-policy --update privacy.md --add-processor "SendGrid"
/privacy-policy --update privacy.md --add-processor "SendGrid"

Multi-jurisdiction support

多司法管辖区支持

/privacy-policy --jurisdictions eu,us-ca,uk
undefined
/privacy-policy --jurisdictions eu,us-ca,uk
undefined

Multi-Step Workflows

多步骤工作流

secure-sdlc
- Secure Software Development Lifecycle

secure-sdlc
- 安全开发生命周期

End-to-end security workflow from threat modeling to sign-off.
bash
undefined
从威胁建模到签署的端到端安全工作流。
bash
undefined

Run full secure SDLC workflow

运行完整安全SDLC工作流

/workflows:secure-sdlc --target ./my-app
/workflows:secure-sdlc --target ./my-app

Run specific stages

运行特定阶段

/workflows:secure-sdlc --stages "threat-model,code-scan"

**Workflow Steps:**
1. Threat modeling (STRIDE analysis)
2. Static code analysis (OWASP scan)
3. Dependency vulnerability scan
4. Dynamic application security testing (DAST)
5. Penetration testing
6. Security sign-off checklist
/workflows:secure-sdlc --stages "threat-model,code-scan"

**工作流步骤:**
1. 威胁建模(STRIDE分析)
2. 静态代码分析(OWASP扫描)
3. 依赖项漏洞扫描
4. 动态应用安全测试(DAST)
5. 渗透测试
6. 安全签署检查表

breach-response
- Data Breach Response

breach-response
- 数据泄露响应

Orchestrated breach response workflow.
bash
undefined
编排式泄露响应工作流。
bash
undefined

Initiate breach response

启动泄露响应

/workflows:breach-response --severity critical
/workflows:breach-response --severity critical

Continue from checkpoint

从检查点继续

/workflows:breach-response --resume-from contain
undefined
/workflows:breach-response --resume-from contain
undefined

compliance-audit
- Full Compliance Audit

compliance-audit
- 完整合规审计

Multi-framework compliance assessment.
bash
undefined
多框架合规评估。
bash
undefined

Run compliance audit

运行合规审计

/workflows:compliance-audit --frameworks gdpr,soc2,iso27001
/workflows:compliance-audit --frameworks gdpr,soc2,iso27001

Specific scope

特定范围

/workflows:compliance-audit --scope "user data processing"
undefined
/workflows:compliance-audit --scope "user data processing"
undefined

zero-trust-design
- Zero Trust Architecture

zero-trust-design
- 零信任架构

Designs zero-trust architecture across identity, network, workload, and data layers.
bash
undefined
跨身份、网络、工作负载和数据层设计零信任架构。
bash
undefined

Design zero-trust architecture

设计零信任架构

/workflows:zero-trust-design --current-architecture aws-vpc.yml
undefined
/workflows:zero-trust-design --current-architecture aws-vpc.yml
undefined

vendor-security
- Third-Party Security Assessment

vendor-security
- 第三方安全评估

Assesses vendor security posture with standardized questionnaire.
bash
undefined
用标准化问卷评估供应商安全态势。
bash
undefined

Assess new vendor

评估新供应商

/workflows:vendor-security --vendor "Acme SaaS Inc"
/workflows:vendor-security --vendor "Acme SaaS Inc"

Automated risk scoring

自动风险评分

/workflows:vendor-security --questionnaire responses.json --auto-score
undefined
/workflows:vendor-security --questionnaire responses.json --auto-score
undefined

Configuration

配置

Global Config (
.security-skills-config.yml
)

全局配置 (
.security-skills-config.yml
)

yaml
undefined
yaml
undefined

Place in project root or ~/.config/security-skills/

放置在项目根目录或~/.config/security-skills/

Default severity thresholds

默认严重程度阈值

severity: block_on: critical warn_on: high report_all: true
severity: block_on: critical warn_on: high report_all: true

Output preferences

输出偏好

output: format: table # table, json, markdown color: true verbose: false
output: format: table # table, json, markdown color: true verbose: false

Integration settings

集成设置

integrations: jira: enabled: true url: ${JIRA_URL} api_token: ${JIRA_API_TOKEN} project_key: SEC
slack: enabled: true webhook_url: ${SLACK_WEBHOOK_URL} channel: "#security-alerts"
github: enabled: true token: ${GITHUB_TOKEN} create_issues: true
integrations: jira: enabled: true url: ${JIRA_URL} api_token: ${JIRA_API_TOKEN} project_key: SEC
slack: enabled: true webhook_url: ${SLACK_WEBHOOK_URL} channel: "#security-alerts"
github: enabled: true token: ${GITHUB_TOKEN} create_issues: true

Custom rules

自定义规则

custom_rules:
  • id: custom-001 name: "Internal API Key Pattern" pattern: "INTERNAL_[A-Z0-9]{24}" severity: high
custom_rules:
  • id: custom-001 name: "Internal API Key Pattern" pattern: "INTERNAL_[A-Z0-9]{24}" severity: high

Compliance frameworks

合规框架

compliance: primary: gdpr secondary: [soc2, iso27001] audit_schedule: quarterly
undefined
compliance: primary: gdpr secondary: [soc2, iso27001] audit_schedule: quarterly
undefined

Environment Variables

环境变量

bash
undefined
bash
undefined

Required for integrations

集成所需变量

export JIRA_URL="https://your-org.atlassian.net" export JIRA_API_TOKEN="your-token-here" export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx" export GITHUB_TOKEN="ghp_xxxxxxxxxxxx"
export JIRA_URL="https://your-org.atlassian.net" export JIRA_API_TOKEN="your-token-here" export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxx" export GITHUB_TOKEN="ghp_xxxxxxxxxxxx"

Optional - provider-specific

可选 - 特定供应商变量

export AWS_PROFILE="security-audit" export AZURE_SUBSCRIPTION_ID="xxxxx" export GCP_PROJECT_ID="your-project"
undefined
export AWS_PROFILE="security-audit" export AZURE_SUBSCRIPTION_ID="xxxxx" export GCP_PROJECT_ID="your-project"
undefined

Common Patterns

常见模式

CI/CD Integration

CI/CD集成

GitHub Actions (
.github/workflows/security.yml
):
yaml
name: Security Checks

on: [push, pull_request]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Install Security Skills
        run: |
          mkdir -p ~/.claude/skills
          cp -r ./.security-skills ~/.claude/skills/
      
      - name: OWASP Scan
        run: |
          claude-code /owasp-scan . --output json > owasp-report.json
      
      - name: Dependency CVE Scan
        run: |
          claude-code /dep-cve --scope full --severity critical --exit-code
      
      - name: Secret Detection
        run: |
          claude-code /secret-detect --scan-history
      
      - name: Upload Reports
        uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: |
            owasp-report.json
            SECURITY.md
GitHub Actions (
.github/workflows/security.yml
):
yaml
name: Security Checks

on: [push, pull_request]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Install Security Skills
        run: |
          mkdir -p ~/.claude/skills
          cp -r ./.security-skills ~/.claude/skills/
      
      - name: OWASP Scan
        run: |
          claude-code /owasp-scan . --output json > owasp-report.json
      
      - name: Dependency CVE Scan
        run: |
          claude-code /dep-cve --scope full --severity critical --exit-code
      
      - name: Secret Detection
        run: |
          claude-code /secret-detect --scan-history
      
      - name: Upload Reports
        uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: |
            owasp-report.json
            SECURITY.md

Pre-commit Hook Integration

预提交钩子集成

bash
undefined
bash
undefined

.git/hooks/pre-commit

.git/hooks/pre-commit

#!/bin/bash
echo "🔒 Running security checks..."
#!/bin/bash
echo "🔒 运行安全检查..."

Secret detection

密钥检测

if ! claude-code /secret-detect --staged-only; then echo "❌ Secret detection failed" exit 1 fi
if ! claude-code /secret-detect --staged-only; then echo "❌ 密钥检测失败" exit 1 fi

Quick OWASP scan on changed files

对变更文件快速OWASP扫描

CHANGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '.(js|py|java|go)$') if [ -n "$CHANGED_FILES" ]; then if ! claude-code /owasp-scan $CHANGED_FILES --fast; then echo "❌ Security scan found critical issues" exit 1 fi fi
echo "✅ Security checks passed"
undefined
CHANGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '.(js|py|java|go)$') if [ -n "$CHANGED_FILES" ]; then if ! claude-code /owasp-scan $CHANGED_FILES --fast; then echo "❌ 安全扫描发现严重问题" exit 1 fi fi
echo "✅ 安全检查通过"
undefined

Automated Compliance Reporting

自动化合规报告

python
undefined
python
undefined

scripts/weekly-compliance-report.py

scripts/weekly-compliance-report.py

import subprocess import json from datetime import datetime
def run_compliance_scan(): """Run compliance audit and send report"""
# Run GDPR audit
gdpr_result = subprocess.run(
    ["claude-code", "/gdpr-audit", "--output", "json"],
    capture_output=True,
    text=True
)

# Run SOC 2 readiness
soc2_result = subprocess.run(
    ["claude-code", "/soc2-readiness", "--output", "json"],
    capture_output=True,
    text=True
)

# Parse results
gdpr_data = json.loads(gdpr_result.stdout)
soc2_data = json.loads(soc2_result.stdout)

# Generate summary
report = f"""
Compliance Report — {datetime.now().strftime('%Y-%m-%d')}

GDPR Status: {gdpr_data['overall_compliance']}%
Critical Gaps: {gdpr_data['critical_gaps_count']}

SOC 2 Readiness: {soc2_data['overall_score']}%
TSC Failures: {soc2_data['tsc_failures']}

Action Required: {gdpr_data['critical_gaps_count'] + soc2_data['critical_gaps_count']} items
"""

# Send to Slack
subprocess.run([
    "curl", "-X", "POST",
    "-H", "Content-Type: application/json",
    "-d", json.dumps({"text": report}),
    os.environ["SLACK_WEBHOOK_URL"]
])
if name == "main": run_compliance_scan()
undefined
import subprocess import json from datetime import datetime
def run_compliance_scan(): """运行合规审计并发送报告"""
# 运行GDPR审计
gdpr_result = subprocess.run(
    ["claude-code", "/gdpr-audit", "--output", "json"],
    capture_output=True,
    text=True
)

# 运行SOC 2就绪评估
soc2_result = subprocess.run(
    ["claude-code", "/soc2-readiness", "--output", "json"],
    capture_output=True,
    text=True
)

# 解析结果
gdpr_data = json.loads(gdpr_result.stdout)
soc2_data = json.loads(soc2_result.stdout)

# 生成摘要
report = f"""
合规报告 — {datetime.now().strftime('%Y-%m-%d')}

GDPR合规率: {gdpr_data['overall_compliance']}%
严重缺口数: {gdpr_data['critical_gaps_count']}

SOC 2就绪率: {soc2_data['overall_score']}%
TSC未通过项: {soc2_data['tsc_failures']}

需处理项: {gdpr_data['critical_gaps_count'] + soc2_data['critical_gaps_count']}个
"""

# 发送到Slack
subprocess.run([
    "curl", "-X", "POST",
    "-H", "Content-Type: application/json",
    "-d", json.dumps({"text": report}),
    os.environ["SLACK_WEBHOOK_URL"]
])
if name == "main": run_compliance_scan()
undefined

Incident Response Automation

事件响应自动化

bash
#!/bin/bash
bash
#!/bin/bash

scripts/incident-response.sh

scripts/incident-response.sh

SEVERITY=$1 INCIDENT_TYPE=$2
if [ -z "$SEVERITY" ] || [ -z "$INCIDENT_TYPE" ]; then echo "Usage: ./incident-response.sh <critical|high|medium> <data-breach|ransomware|ddos>" exit 1 fi
SEVERITY=$1 INCIDENT_TYPE=$2
if [ -z "$SEVERITY" ] || [ -z "$INCIDENT_TYPE" ]; then echo "用法: ./incident-response.sh <critical|high|medium> <data-breach|ransomware|ddos>" exit 1 fi

Create incident directory

创建事件目录

INCIDENT_ID="INC-$(date +%Y%m%d-%H%M%S)" mkdir -p "incidents/$INCIDENT_ID"
INCIDENT_ID="INC-$(date +%Y%m%d-%H%M%S)" mkdir -p "incidents/$INCIDENT_ID"

Generate playbook

生成剧本

claude-code /incident-playbook
--type "$INCIDENT_TYPE"
--severity "$SEVERITY"
--output "incidents/$INCIDENT_ID/playbook.md"
claude-code /incident-playbook
--type "$INCIDENT_TYPE"
--severity "$SEVERITY"
--output "incidents/$INCIDENT_ID/playbook.md"

Run IAM audit

运行IAM审计

claude-code /iam-audit
--output json > "incidents/$INCIDENT_ID/iam-audit.json"
claude-code /iam-audit
--output json > "incidents/$INCIDENT_ID/iam-audit.json"

Capture current state

捕获当前状态

echo "Capturing system state..." claude-code /threat-model
--current-state
--output "incidents/$INCIDENT_ID/current-threat-model.md"
echo "捕获系统状态..." claude-code /threat-model
--current-state
--output "incidents/$INCIDENT_ID/current-threat-model.md"

Create Jira ticket

创建Jira工单

if [ -n "$JIRA_API_TOKEN" ]; then ISSUE_KEY=$(claude-code /integrations:jira:create-incident
--incident-id "$INCIDENT_ID"
--severity "$SEVERITY"
--type "$INCIDENT_TYPE") echo "Jira Issue Created: $ISSUE_KEY" fi
if [ -n "$JIRA_API_TOKEN" ]; then ISSUE_KEY=$(claude-code /integrations:jira:create-incident
--incident-id "$INCIDENT_ID"
--severity "$SEVERITY"
--type "$INCIDENT_TYPE") echo "已创建Jira工单: $ISSUE_KEY" fi

Notify team

通知团队

echo "🚨 Security Incident: $INCIDENT_ID" |
claude-code /integrations:slack:notify
--channel security-incidents
--attach "incidents/$INCIDENT_ID/playbook.md"
echo "Incident $INCIDENT_ID initialized. Follow playbook at incidents/$INCIDENT_ID/playbook.md"
undefined
echo "🚨 安全事件: $INCIDENT_ID" |
claude-code /integrations:slack:notify
--channel security-incidents
--attach "incidents/$INCIDENT_ID/playbook.md"
echo "事件$INCIDENT_ID已初始化。请遵循incidents/$INCIDENT_ID/playbook.md中的剧本操作"
undefined

Troubleshooting

故障排除

Command Not Found

命令未找到

bash
undefined
bash
undefined

Verify installation

验证安装

ls -la ~/.claude/skills/
ls -la ~/.claude/skills/

Reload skill in Claude Code session

在Claude Code会话中重新加载技能

/read ~/.claude/skills/r01-hesreallyhim-awesome-claude-code-security/SKILL.md
/read ~/.claude/skills/r01-hesreallyhim-awesome-claude-code-security/SKILL.md

Check Claude Code version (requires 0.8.0+)

检查Claude Code版本(需要0.8.0+)

claude-code --version
undefined
claude-code --version
undefined

False Positives in Scans

扫描误报

yaml
undefined
yaml
undefined

Create .security-ignore.yml in project root

在项目根目录创建.security-ignore.yml

ignore_patterns:
  • pattern: "test/fixtures/**" reason: "Test data, not production code"
  • pattern: "docs/examples/**" reason: "Documentation examples"
  • finding_id: "OWASP-A03-SQL-001" file: "src/legacy/report-builder.js" reason: "Acknowledged risk - scheduled for refactor Q3" expires: "2024-09-30"
undefined
ignore_patterns:
  • pattern: "test/fixtures/**" reason: "测试数据,非生产代码"
  • pattern: "docs/examples/**" reason: "文档示例"
  • finding_id: "OWASP-A03-SQL-001" file: "src/legacy/report-builder.js" reason: "已确认风险 - 计划Q3重构" expires: "2024-09-30"
undefined

Integration Issues

集成问题

bash
undefined
bash
undefined

Test Jira connection

测试Jira连接

claude-code /integrations:test --service jira
claude-code /integrations:test --service jira

Verify environment variables

验证环境变量

env | grep -E '(JIRA|SLACK|GITHUB)'
env | grep -E '(JIRA|SLACK|GITHUB)'

Debug mode

调试模式

claude-code /owasp-scan . --debug --verbose
undefined
claude-code /owasp-scan . --debug --verbose
undefined

Performance Optimization

性能优化

bash
undefined
bash
undefined

For large codebases, use incremental scanning

大型代码库使用增量扫描

claude-code /owasp-scan --incremental --cache-results
claude-code /owasp-scan --incremental --cache-results

Parallel scanning

并行扫描

claude-code /dep-cve --parallel --workers 4
claude-code /dep-cve --parallel --workers 4

Exclude directories

排除目录

claude-code /owasp-scan . --exclude node_modules,vendor,dist
undefined
claude-code /owasp-scan . --exclude node_modules,vendor,dist
undefined

Custom Rule Not Triggering

自定义规则未触发

yaml
undefined
yaml
undefined

Validate custom rule syntax

验证自定义规则语法

custom_rules:
  • id: custom-api-key name: "Custom API Key Detection" pattern: "API_KEY_[A-Z0-9]{32}" # Must be valid regex severity: high file_types: [".js", ".py", ".env"] # Limit to specific extensions enabled: true # Explicitly enable

```bash
custom_rules:
  • id: custom-api-key name: "Custom API Key Detection" pattern: "API_KEY_[A-Z0-9]{32}" # 必须是有效的正则表达式 severity: high file_types: [".js", ".py", ".env"] # 限制特定文件扩展名 enabled: true # 显式启用

```bash

Test custom rule

测试自定义规则

claude-code /secret-detect --test-rule custom-api-key --sample "API_KEY_ABC123XYZ789012345678901234567"
undefined
claude-code /secret-detect --test-rule custom-api-key --sample "API_KEY_ABC123XYZ789012345678901234567"
undefined

Report Generation Failures

报告生成失败

bash
undefined
bash
undefined

Ensure output directory exists

确保输出目录存在

mkdir -p reports/
mkdir -p reports/

Check disk space

检查磁盘空间

df -h
df -h

Use streaming output for large reports

大型报告使用流式输出

claude-code /owasp-scan . --output json --stream > reports/scan-$(date +%Y%m%d).json
claude-code /owasp-scan . --output json --stream > reports/scan-$(date +%Y%m%d).json

Compress old reports

压缩旧报告

find reports/ -name "*.json" -mtime +30 -exec gzip {} ;
undefined
find reports/ -name "*.json" -mtime +30 -exec gzip {} ;
undefined

Advanced Usage

高级用法

Programmatic Access

程序化访问

python
undefined
python
undefined

Python wrapper for security-skills commands

安全技能命令的Python封装

import subprocess import json
class SecuritySkills: def init(self, config_path=None): self.config = config_path
def owasp_scan(self, target, severity="high"):
    result = subprocess.run(
        ["claude-code", "/owasp-scan", target, 
         "--severity", severity, "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

def dep_cve(self, scope="full"):
    result = subprocess.run(
        ["claude-code", "/dep-cve", 
         "--scope", scope, "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

def create_incident(self, incident_type, severity):
    result = subprocess.run(
        ["claude-code", "/incident-playbook",
         "--type", incident_type,
         "--severity", severity,
         "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)
import subprocess import json
class SecuritySkills: def init(self, config_path=None): self.config = config_path
def owasp_scan(self, target, severity="high"):
    result = subprocess.run(
        ["claude-code", "/owasp-scan", target, 
         "--severity", severity, "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

def dep_cve(self, scope="full"):
    result = subprocess.run(
        ["claude-code", "/dep-cve", 
         "--scope", scope, "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

def create_incident(self, incident_type, severity):
    result = subprocess.run(
        ["claude-code", "/incident-playbook",
         "--type", incident_type,
         "--severity", severity,
         "--output", "json"],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

Usage

使用示例

skills = SecuritySkills() scan_results = skills.owasp_scan("./src", severity="critical") if scan_results["critical_count"] > 0: skills.create_incident("vulnerability-detected", "high")
undefined
skills = SecuritySkills() scan_results = skills.owasp_scan("./src", severity="critical") if scan_results["critical_count"] > 0: skills.create_incident("vulnerability-detected", "high")
undefined

Custom Workflow Orchestration

自定义工作流编排

yaml
undefined
yaml
undefined

workflows/custom-audit.yml

workflows/custom-audit.yml

name: Custom Security Audit description: Organization-specific security workflow
steps:
  • name: Pre-audit Setup command: /iam-audit store_output: iam_results
  • name: Code Security parallel:
    • command: /owasp-scan args: [--target, ./src]
    • command: /dep-cve args: [--scope, full]
    • command: /secret-detect args: [--scan-history]
  • name: Compliance Check command: /gdpr-audit condition: ${iam_results.high_risk_count} > 0
  • name: Generate Report command: /pentest-report inputs:
    • ${STEP_1_OUTPUT}
    • ${STEP_2_OUTPUT}
    • ${STEP_3_OUTPUT}
  • name: Notify Team command: /integrations:slack:notify args:
    • --channel
    • security-team
    • --attach
    • ${STEP_4_OUTPUT}

```bash
name: Custom Security Audit description: Organization-specific security workflow
steps:
  • name: Pre-audit Setup command: /iam-audit store_output: iam_results
  • name: Code Security parallel:
    • command: /owasp-scan args: [--target, ./src]
    • command: /dep-cve args: [--scope, full]
    • command: /secret-detect args: [--scan-history]
  • name: Compliance Check command: /gdpr-audit condition: ${iam_results.high_risk_count} > 0
  • name: Generate Report command: /pentest-report inputs:
    • ${STEP_1_OUTPUT}
    • ${STEP_2_OUTPUT}
    • ${STEP_3_OUTPUT}
  • name: Notify Team command: /integrations:slack:notify args:
    • --channel
    • security-team
    • --attach
    • ${STEP_4_OUTPUT}

```bash

Run custom workflow

运行自定义工作流

claude-code /workflows:run workflows/custom-audit.yml
undefined
claude-code /workflows:run workflows/custom-audit.yml
undefined

Resources

资源

  • Source Project: hesreallyhim/awesome-claude-code
  • Documentation: Project README and command help (
    /help <command>
    )
  • Issue Tracker: GitHub Issues for bug reports and feature requests
  • Community: Discussions tab for questions and best practices
  • 源项目: hesreallyhim/awesome-claude-code
  • 文档: 项目README和命令帮助 (
    /help <command>
    )
  • 问题跟踪: GitHub Issues用于提交bug报告和功能请求
  • 社区: Discussions标签用于提问和分享最佳实践

License

许可证

MIT License - Free to use, modify, and distribute.
MIT许可证 - 可免费使用、修改和分发。