explain

Security Explainer

Interactive explainer for security frameworks, threat categories, vulnerability findings, and security concepts. Works at multiple levels of depth -- from a broad framework overview down to a single finding ID. Always uses the user's own codebase for concrete examples when possible.

Explanation Levels

Detect what the user is asking about and respond at the appropriate level:

Level 1: Framework

Triggered by framework names: STRIDE, OWASP, PASTA, LINDDUN, MITRE ATT&CK, SANS/CWE Top 25, DREAD.
What to cover:
  1. What the framework is, who created it, and when to use it.
  2. All categories/stages within the framework (e.g., all 6 STRIDE letters, all 10 OWASP categories, all 7 PASTA stages).
  3. For each category: one-sentence description and a real code example from the user's codebase if available.
  4. How the framework relates to other frameworks (cross-mappings).
  5. When to choose this framework over alternatives.
Framework references to read:
  • STRIDE:
    ../../shared/frameworks/stride.md
  • OWASP Top 10:
    ../../shared/frameworks/owasp-top10-2021.md
  • PASTA:
    ../../shared/frameworks/pasta.md
  • LINDDUN:
    ../../shared/frameworks/linddun.md
  • MITRE ATT&CK:
    ../../shared/frameworks/mitre-attck.md
  • SANS/CWE Top 25:
    ../../shared/frameworks/sans-cwe-top25.md
  • DREAD:
    ../../shared/frameworks/dread.md
  • OWASP API Top 10:
    ../../shared/frameworks/owasp-api-top10.md

Level 2: Category

Triggered by category names: "spoofing", "tampering", "injection", "broken access control", "A01", "A03", "STRIDE-S", "CWE-89", etc.
What to cover:
  1. Full definition of the category and which framework(s) it belongs to.
  2. The security property it protects (e.g., Spoofing protects Authentication).
  3. Common attack techniques in this category (3-5 examples).
  4. Real code patterns from the user's codebase that are relevant. Use Grep and Glob to find concrete examples.
  5. How to detect vulnerabilities in this category.
  6. How to prevent or remediate them.
  7. Related categories in other frameworks (cross-mapping).

Level 3: Finding

Triggered by finding IDs: "INJ-003", "SPOOF-001", "AC-005", "SEC-002", etc. Also triggered by phrases like "explain this finding" or "what does this vulnerability mean" when a finding was recently reported.
What to cover:
  1. What the finding means in plain language.
  2. Why it is dangerous -- concrete attack scenario.
  3. How an attacker would exploit it step by step.
  4. The severity and confidence ratings and why they were assigned.
  5. Framework and CWE cross-references.
  6. Step-by-step remediation with code diff.
  7. How to verify the fix is correct.
  8. Similar vulnerabilities to watch for in the same codebase.

Level 4: Comparison

Triggered by "vs", "versus", "compared to", "difference between", or listing multiple frameworks/categories.
What to cover:
  1. Side-by-side overview of each item being compared.
  2. Key differences in approach, scope, and philosophy.
  3. When to use each one.
  4. Overlap and complementary strengths.
  5. Recommendation for the user's specific use case.
Common comparisons:
  • STRIDE vs PASTA: Categorization vs process-oriented
  • STRIDE vs LINDDUN: Security threats vs privacy threats
  • OWASP Top 10 vs SANS/CWE Top 25: Web app risks vs software weaknesses
  • OWASP Top 10 vs OWASP API Top 10: Web apps vs API-specific risks
  • DREAD vs CVSS: Qualitative vs quantitative risk scoring

Workflow

1. Parse the Query

Determine:
  • Level: Framework, category, finding, or comparison.
  • Subject(s): Which specific framework(s), category(ies), or finding(s).
  • Context: Is there a recent analysis whose findings can be referenced?
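
One way to implement this parsing step, as an added example (not code from the skill itself). The function name `classify`, the finding-ID shape, the precedence order, and the fallback level `concept` are assumptions; the trigger words come from the level descriptions above.

```python
import re

# Trigger vocabulary copied from the level descriptions on this page.
FRAMEWORKS = ["OWASP API Top 10", "OWASP", "STRIDE", "PASTA", "LINDDUN",
              "MITRE ATT&CK", "CWE Top 25", "DREAD"]
CATEGORY_TERMS = ["spoofing", "tampering", "injection", "broken access control"]
CATEGORY_IDS = re.compile(r"\b(?:A(?:0[1-9]|10)|STRIDE-[STRIDE]|CWE-\d+)\b", re.I)
# Assumption: finding IDs are 2-6 capitals, a dash and 3 digits (INJ-003, AC-005).
# CWE-787 has the same shape but names a category, so it is excluded here.
FINDING_ID = re.compile(r"\b(?!CWE-)[A-Z]{2,6}-\d{3}\b")
COMPARE = re.compile(r"\b(?:vs|versus|compared to|difference between)\b", re.I)

def classify(query: str) -> dict:
    """Return the explanation level and the subjects that triggered it."""
    rest, frameworks = query, []
    for name in FRAMEWORKS:  # longer OWASP name first so it is not counted twice
        pat = re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)", re.I)
        if pat.search(rest):
            frameworks.append(name)
            rest = pat.sub(" ", rest)
    findings = FINDING_ID.findall(query)
    categories = [m.upper() for m in CATEGORY_IDS.findall(query)]
    categories += [t for t in CATEGORY_TERMS if re.search(rf"\b{t}\b", query, re.I)]
    # Assumption: two categories without a comparison keyword are usually an ID
    # plus its name ("A03 injection"), so only multiple frameworks imply Level 4.
    if COMPARE.search(query) or len(frameworks) > 1:
        return {"level": "comparison", "subjects": frameworks + categories + findings}
    if findings:       # most specific level wins
        return {"level": "finding", "subjects": findings}
    if categories:     # "STRIDE-S" also contains a framework name; category wins
        return {"level": "category", "subjects": categories}
    if frameworks:
        return {"level": "framework", "subjects": frameworks}
    return {"level": "concept", "subjects": []}  # the "Unknown term" edge case

if __name__ == "__main__":
    # Constructed sample queries.
    for q in ["Explain STRIDE", "what is CWE-787?", "explain INJ-003",
              "STRIDE vs PASTA", "explain STRIDE-S", "what is a nonce?"]:
        print(q, "->", classify(q))
```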

2. Load References

Read the relevant framework reference file(s) from shared/frameworks/. For finding explanations, also read the relevant skill's SKILL.md and detection patterns.

3. Search the Codebase

Use Glob and Grep to find real examples from the user's codebase that illustrate the concept. This grounds the explanation in the user's actual code rather than generic examples.
Search strategy by level:
  • Framework: Scan for patterns relevant to each category. Show 1 example per category to make the framework tangible.
  • Category: Deep search for patterns specific to that category. Show 3-5 real examples with file paths and line numbers.
  • Finding: Read the specific file and lines referenced in the finding. Also search for similar patterns elsewhere in the codebase.
  • Comparison: Search for examples that highlight the difference between the compared items.

4. Explain

Present the explanation at the appropriate level. Use clear headings, concrete code examples, and practical language. Avoid jargon without definition. When referencing CWEs or other identifiers, briefly explain what they mean.

5. Offer Follow-Up

Always end with a contextual follow-up offer:
| Situation | Offer |
| --- | --- |
| Explained a framework | "Want me to run a full {framework} analysis on your codebase?" |
| Explained a category | "Want me to scan your code specifically for {category} issues?" |
| Explained a finding | "Want me to generate the fix?" or "Want me to check for similar issues?" |
| Compared frameworks | "Want me to run {recommended framework} on your codebase?" |
| Generic concept | "Want me to check your code for related vulnerabilities?" |

Presentation Guidelines

  • Start with a one-sentence plain-language summary before diving into detail.
  • Use tables for structured comparisons and cross-references.
  • Show code snippets from the user's codebase when available, with file paths.
  • For findings, always include the attack scenario as a numbered step list.
  • Keep explanations practical. Developers want to know "what do I do about this?" not just "what is this?".
  • When explaining severity, connect it to real-world impact: "critical means an attacker can do X without authentication."

Edge Cases

  • Unknown term: If the user asks about something not in the loaded frameworks, provide the best explanation possible from general security knowledge and note which frameworks/CWEs are related.
  • Ambiguous query: If "explain injection" could mean SQL injection, command injection, or the OWASP A03 category, briefly cover all and ask which the user wants to dive deeper into.
  • Finding not in context: If the user references a finding ID that was not part of a recent analysis, explain what findings with that prefix typically represent (e.g., "INJ findings are injection vulnerabilities detected by the injection skill") and offer to run the relevant scan.