安全性

Configure service mesh solutions including Istio, Linkerd, and Consul for traffic management, security, and observability in microservices. Activates for service mesh setup, mTLS, traffic routing, and mesh configuration.

Expert for Information Security Management Systems (ISMS) according to ISO 27001:2022, with deep knowledge of BaFin requirements, EU-DORA, NIS2, and German regulatory landscape. Specializes in data reuse patterns, workflow optimization, and compliance automation. Automatically activated for ISO 27001, BaFin, DORA, NIS2, compliance frameworks, and ISMS topics.

This skill configures service meshes like Istio and Linkerd for microservices. It generates production-ready configurations, implements best practices, and ensures a security-first approach. Use this skill when the user asks to "configure service mesh", "setup Istio", "setup Linkerd", or requests assistance with "service mesh configuration" for their microservices architecture. The configurations will be tailored to the specified infrastructure requirements.

Reviews code for quality, security, and best practices. Use proactively after code changes.

This skill enables Claude to seamlessly integrate with various secrets managers like HashiCorp Vault and AWS Secrets Manager. It generates configurations and setup code, ensuring best practices for secure credential management. Use this skill when you need to manage sensitive information, generate production-ready configurations, or implement a security-first approach for your DevOps infrastructure. Trigger terms include "integrate secrets manager", "configure Vault", "AWS Secrets Manager setup", "manage credentials securely", or requests for secure configuration generation.

Automatically audits Claude Code plugins for security vulnerabilities, best practices, CLAUDE.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. Specific to claude-code-plugins repository standards.

ファイル監視システムのセキュリティ対策を実装するスキル。パストラバーサル・シンボリックリンク攻撃の防止、最小権限の原則に基づく権限管理、多層防御アーキテクチャを設計・実装。Anchors:• Threat Modeling（Adam Shostack） / 適用: STRIDEモデル / 目的: 脅威の体系的分類• Web Application Security（Andrew Hoffman） / 適用: 入力検証 / 目的: パストラバーサル対策• OWASP Cheat Sheet / 適用: 防御パターン / 目的: 実装レベルのセキュリティTrigger:Use when implementing file watcher security, preventing path traversal attacks, detecting symbolic link attacks, designing access control, or conducting security audits.

Your approach to handling global security. Use this skill when working on files where global security comes into play.

Domain specialist for frontend architecture, state management, accessibility, and performance. Scope: component architecture, state management (Pinia, Vuex, Redux), accessibility (WCAG), responsive design, lazy loading, asset optimization, XSS prevention, CSP, frontend performance. Excludes: backend code, infrastructure, API design, security beyond XSS, performance profiling beyond frontend. Triggers: "frontend", "React", "Vue", "Angular", "component", "state management", "accessibility", "WCAG", "responsive", "XSS", "CSP".

GitHub Actionsワークフローでの安全な秘密情報管理を実現する。リポジトリ/環境/組織/Dependabotの4種類のシークレット使い分け、OIDCによるクラウド認証、ローテーション、監査を包括的に提供する。Anchors:• Web Application Security (Andrew Hoffman) / 適用: 脅威モデリング・セキュア設計 / 目的: シークレット管理戦略の基盤• GitHub Actions Secrets API / 適用: シークレット設定・アクセス制御 / 目的: 各タイプの正確な使い分け• OpenID Connect (OIDC) Specification / 適用: クラウドプロバイダー認証 / 目的: 長期認証情報の排除Trigger:Use when configuring GitHub Actions secrets, implementing cloud OIDC authentication, rotating secrets, or auditing secret access patterns.GitHub secrets, OIDC, secret rotation, environment secrets, organization secrets, cloud authentication

認証・認可の設計とセキュリティ検証（OAuth 2.0、JWT、セッション管理、アクセス制御）の実務指針を提供するスキル。脅威モデリング、トークン管理、権限モデルの選択を整理し、安全な認証基盤の設計判断を支援します。Anchors:• Web Application Security / 適用: 脅威モデリング / 目的: 認証・認可の脅威整理• OAuth 2.0 Simplified / 適用: フロー選定 / 目的: OAuth実装の安全性確保• OWASP ASVS / 適用: セキュリティ検証 / 目的: 要件基準の確認Trigger:Use when designing or reviewing authentication/authorization flows, selecting OAuth/JWT/session strategies, or validating access control and token security.

This skill enables Claude to manage container registries, including ECR, GCR, and Harbor. It should be used when the user needs to create, configure, or manage container image registries. It helps generate production-ready configurations, implement best practices, and ensure a security-first approach. Use this skill when the user mentions terms like "container registry," "ECR," "GCR," "Harbor," "image repository," or requests assistance with managing container images. It's also helpful for generating configuration code for DevOps pipelines related to container registries.

This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin.

This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis.

Service mesh implementation with Istio for traffic management, security, and observability. Use when implementing mTLS, traffic routing, circuit breakers, or service-to-service communication. Triggers: istio, service mesh, virtualservice, destinationrule, gateway, mtls, sidecar, envoy, traffic management.

Industry-specific guide for implementing Fullstory in banking and financial services applications. Covers regulatory requirements (PCI DSS, GLBA, SOX), privacy controls for sensitive financial data, authentication flows, transaction monitoring, and fraud detection patterns. Includes detailed examples for retail banking, investment platforms, and payment applications.

Domain specialist for API routing, route discovery, middleware analysis, and parameter validation. Scope: route discovery patterns, automatic route detection, route mapping, middleware analysis, URL patterns, parameter validation, URL injection prevention. Excludes: backend business logic, database queries, security operations beyond URL injection, frontend routing. Triggers: "routing", "route", "URL pattern", "middleware", "parameter validation", "route discovery", "endpoint", "path", "slug".

DevSecOps practices including secrets management, SSL/TLS, vulnerability scanning, and compliance

This skill enables Claude to validate Cross-Origin Resource Sharing (CORS) policies. It uses the cors-policy-validator plugin to analyze CORS configurations and identify potential security vulnerabilities. Use this skill when the user requests to "validate CORS policy", "check CORS configuration", "analyze CORS headers", or asks about "CORS security". It helps ensure that CORS policies are correctly implemented, preventing unauthorized cross-origin requests and protecting sensitive data.

This skill configures service meshes like Istio and Linkerd for microservices. It generates production-ready configurations, implements best practices, and ensures a security-first approach. Use this skill when the user asks to "configure service mesh", "setup Istio", "setup Linkerd", or requests assistance with "service mesh configuration" for their microservices architecture. The configurations will be tailored to the specified infrastructure requirements.