zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-packages-security-pro-pack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:20:37 +08:00
commit 1862bc9ff7
10 changed files with 445 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,13 @@
{
"name": "security-pro-pack",
"description": "Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security",
"version": "1.0.0",
"author": {
"name": "Jeremy Longshore",
"email": "[email protected]",
"url": "https://github.com/jeremylongshore"
},
"skills": [
"./skills"
]
}

3
README.md Normal file
View File

@@ -0,0 +1,3 @@
# security-pro-pack
Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security

69
plugin.lock.json Normal file
View File

@@ -0,0 +1,69 @@
{
"$schema": "internal://schemas/plugin.lock.v1.json",
"pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/packages/security-pro-pack",
"normalized": {
"repo": null,
"ref": "refs/tags/v20251128.0",
"commit": "e105dc14ce57645f176ea2489eb387a98a7bbe38",
"treeHash": "58847a07330a6a8b1597f5b6d7250cacb303cfb9d44d9747ff9e6a583f897416",
"generatedAt": "2025-11-28T10:18:44.581299Z",
"toolVersion": "publish_plugins.py@0.2.0"
},
"origin": {
"remote": "git@github.com:zhongweili/42plugin-data.git",
"branch": "master",
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
},
"manifest": {
"name": "security-pro-pack",
"description": "Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security",
"version": "1.0.0"
},
"content": {
"files": [
{
"path": "README.md",
"sha256": "85852c845ce3f4b760717b92383825e7d965014d030dae5962e3df5efd4725bf"
},
{
"path": ".claude-plugin/plugin.json",
"sha256": "8660f97f18005a6314bfeb5ed552abefecbc7cbcf55fbdad5b5435257ad71760"
},
{
"path": "skills/security-pro-pack/SKILL.md",
"sha256": "c14c9cdc5af1b6ca5f9cad33b056d3f9257d9258e1035eb28a13f136d2fa4a1d"
},
{
"path": "skills/security-pro-pack/references/README.md",
"sha256": "88e27fd6cd34bfcdf026f06f9d3a770e7cda47f5749f869a969d961645e3e612"
},
{
"path": "skills/security-pro-pack/scripts/README.md",
"sha256": "984803cdf134e96236d531b59dc9816e7035792e6f6a456c6518c20d96d4cb52"
},
{
"path": "skills/security-pro-pack/assets/compliance_report_template.md",
"sha256": "6d9a6707b4abaf77811f7021109f003f0a5ca30d503761904aaf2a2f509f7723"
},
{
"path": "skills/security-pro-pack/assets/README.md",
"sha256": "ef0ac7756877faf17f6455411d43acc54607fd16b209e0474404b963b3f58be7"
},
{
"path": "skills/security-pro-pack/assets/security_scan_report_template.md",
"sha256": "8fa92a8f40856bf42825e6b7ca677831f559725142d00b6f57adf46365efad85"
},
{
"path": "skills/security-pro-pack/assets/threat_model_template.md",
"sha256": "8b026065abb7338835c2bdcdc8dd61463f0117b3b5d8edc60d37e4c5fef8095e"
}
],
"dirSha256": "58847a07330a6a8b1597f5b6d7250cacb303cfb9d44d9747ff9e6a583f897416"
},
"security": {
"scannedAt": null,
"scannerVersion": null,
"flags": []
}
}

55
skills/security-pro-pack/SKILL.md Normal file
View File

@@ -0,0 +1,55 @@
---
name: performing-security-audits
description: |
This skill allows Claude to conduct comprehensive security audits of code, infrastructure, and configurations. It leverages various tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis. Use this skill when a user requests a "security audit," "vulnerability assessment," "compliance review," or any task involving identifying and mitigating security risks. It helps to ensure code and systems adhere to security best practices and compliance standards. Activates when you request "performing security audits" functionality.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
version: 1.0.0
---
## Overview
This skill empowers Claude to perform in-depth security audits across various domains, from code vulnerability scanning to compliance verification and infrastructure security assessment. It utilizes the specialized tools within the security-pro-pack to provide a comprehensive security posture analysis.
## How It Works
1. **Analysis Selection**: Claude determines the appropriate security-pro-pack tool (e.g., `Security Auditor Expert`, `Compliance Checker`, `Crypto Audit`) based on the user's request and the context of the code or system being analyzed.
2. **Execution**: Claude executes the selected tool, providing it with the relevant code, configuration files, or API endpoints.
3. **Reporting**: Claude aggregates and presents the findings in a clear, actionable report, highlighting vulnerabilities, compliance issues, and potential security risks, along with suggested remediation steps.
## When to Use This Skill
This skill activates when you need to:
- Assess the security of code for vulnerabilities like those in the OWASP Top 10.
- Evaluate compliance with standards such as HIPAA, PCI DSS, GDPR, or SOC 2.
- Review cryptographic implementations for weaknesses.
- Perform container security scans or API security audits.
## Examples
### Example 1: Vulnerability Assessment
User request: "Please perform a security audit on this authentication code to find any potential vulnerabilities."
The skill will:
1. Invoke the `Security Auditor Expert` agent.
2. Analyze the provided authentication code for common vulnerabilities.
3. Generate a report detailing any identified vulnerabilities, their severity, and recommended fixes.
### Example 2: Compliance Check
User request: "Check this application against GDPR compliance requirements."
The skill will:
1. Invoke the `Compliance Checker` agent.
2. Evaluate the application's architecture and code against GDPR guidelines.
3. Generate a report highlighting any non-compliant areas and suggesting necessary changes.
## Best Practices
- **Specificity**: Provide clear and specific instructions about the scope of the audit (e.g., "audit this specific function" instead of "audit the whole codebase").
- **Context**: Include relevant context about the application, infrastructure, or data being audited to enable more accurate and relevant results.
- **Iteration**: Use the skill iteratively, addressing the most critical findings first and then progressively improving the overall security posture.
## Integration
This skill seamlessly integrates with all other components of the security-pro-pack plugin. It also works well with Claude's existing code analysis capabilities, allowing for a holistic and integrated security review process.

7
skills/security-pro-pack/assets/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Assets
Bundled resources for security-pro-pack skill
- [ ] security_scan_report_template.md: Template for generating security scan reports.
- [ ] compliance_report_template.md: Template for generating compliance reports.
- [ ] threat_model_template.md: Template for creating threat models.

81
skills/security-pro-pack/assets/compliance_report_template.md Normal file
View File

@@ -0,0 +1,81 @@
# Compliance Report
**Project Name:** [Enter Project Name Here]
**Report Date:** [Enter Date Here]
**Prepared By:** [Enter Your Name/Organization Here]
## 1. Executive Summary
[Provide a brief overview of the project's compliance status. Highlight key findings and recommendations. For example: "This report summarizes the compliance assessment of the [Project Name] project against [Compliance Standard, e.g., PCI DSS v4.0]. The project is generally compliant, however, several minor areas for improvement were identified, detailed in Section 3. Overall risk is considered low."]
## 2. Scope of Assessment
### 2.1. Targeted Systems and Components
[List the specific systems, applications, infrastructure components, and data flows that were included in this compliance assessment. Be specific. For example: "This assessment covered the following systems: Web application server (version X), Database server (version Y), Payment processing API (version Z), and the network segment containing these systems."]
### 2.2. Compliance Standard
[Specify the compliance standard(s) against which the project was assessed. Provide the full name and version of the standard. For example: "Payment Card Industry Data Security Standard (PCI DSS) version 4.0", "General Data Protection Regulation (GDPR)", "SOC 2 Type II"]
### 2.3. Assessment Methodology
[Describe the methodology used to conduct the compliance assessment. This should include the tools, techniques, and processes employed. For example: "The assessment included automated vulnerability scanning using [Tool Name], manual code review, configuration review, and interviews with key personnel."]
## 3. Findings and Recommendations
[This section details the specific findings of the compliance assessment, organized by compliance requirement or control. For each finding, provide a clear description of the issue, the potential impact, and a specific recommendation for remediation.]
**Example:**
### 3.1. PCI DSS Requirement 3.2: Do not store sensitive authentication data after authorization (even if encrypted).
* **Finding:** The application stores the Card Verification Value (CVV) in the database after transaction processing.
* **Impact:** This violates PCI DSS requirement 3.2 and significantly increases the risk of data breach. Storing CVV data is strictly prohibited.
* **Recommendation:** Modify the application to prevent the storage of CVV data after authorization. CVV data should only be used for the initial transaction and then discarded. Implement processes to ensure no CVV data exists in the database and schedule regular audits to verify adherence.
### 3.2. [Compliance Standard] Requirement [Number]: [Requirement Description]
* **Finding:** [Detailed description of the non-compliance issue.]
* **Impact:** [Explanation of the potential consequences of the non-compliance issue.]
* **Recommendation:** [Specific steps to remediate the non-compliance issue.]
[Repeat the above structure for each finding related to the compliance standard being assessed.]
## 4. Overall Compliance Status
[Provide a summary of the overall compliance status of the project, based on the findings in Section 3. Classify the compliance status (e.g., Compliant, Partially Compliant, Non-Compliant). For example: "Based on the assessment, the [Project Name] project is considered *Partially Compliant* with PCI DSS v4.0. While the project meets the majority of the requirements, the findings detailed in Section 3 must be addressed to achieve full compliance."]
## 5. Remediation Plan
[Outline a plan for addressing the findings identified in Section 3. This should include specific actions, responsible parties, and target completion dates. For example:]
| Finding | Action | Responsible Party | Target Completion Date | Status |
|---|---|---|---|---|
| 3.1: Storing CVV data | Modify application to prevent CVV storage | Development Team | 2024-10-27 | In Progress |
| 3.2: [Compliance Standard] Requirement [Number] | [Remediation Action] | [Responsible Party] | [Target Completion Date] | [Status] |
## 6. Supporting Documentation
[List any supporting documentation used in the compliance assessment, such as:
* System architecture diagrams
* Configuration files
* Code review reports
* Vulnerability scan reports
* Policy documents
* Training records]
## 7. Assumptions and Limitations
[List any assumptions made during the compliance assessment and any limitations that may affect the accuracy or completeness of the report. For example: "This assessment was based on the information provided by [Project Team] and the configuration of the systems at the time of the assessment. The scope was limited to the systems listed in Section 2.1. The assessment did not include penetration testing."]
## 8. Conclusion
[Provide a final summary of the compliance status and reiterate any key recommendations. For example: "While the [Project Name] project is currently considered *Partially Compliant*, addressing the findings outlined in this report will bring the project into full compliance with [Compliance Standard]. Continued monitoring and regular compliance assessments are recommended to maintain a strong security posture."]

100
skills/security-pro-pack/assets/security_scan_report_template.md Normal file
View File

@@ -0,0 +1,100 @@
# Security Scan Report
**Generated by: Security Pro Pack - Vulnerability Scanner Plugin**
**Date:** `[Insert Date of Scan: YYYY-MM-DD]`
**Time:** `[Insert Time of Scan: HH:MM:SS UTC]`
**Report ID:** `[Insert Unique Report ID]`
## 1. Executive Summary
`[Provide a high-level overview of the security scan findings. Include the total number of vulnerabilities found, the severity distribution, and a brief summary of the most critical issues. Example: This report summarizes the results of a vulnerability scan performed on [Target]. A total of [Number] vulnerabilities were identified, with [Number] classified as Critical, [Number] as High, [Number] as Medium, and [Number] as Low. The most critical issues involve [Briefly describe the most critical issues].]`
## 2. Scan Details
* **Target:** `[Specify the target of the scan (e.g., repository URL, file path, container image name, API endpoint). Example: Repository: github.com/example/project]`
* **Scan Type:** `[Specify the type of scan performed (e.g., Static Analysis, Dynamic Analysis, Dependency Scan). Example: Static Analysis]`
* **Scanner Version:** `[Specify the version of the Security Pro Pack plugin and the underlying scanner used. Example: Security Pro Pack - Vulnerability Scanner v1.0.0 using Semgrep v1.10.0]`
* **Configuration:** `[Describe any custom configurations or settings used during the scan. If default settings were used, state that. Example: Default Semgrep ruleset was used.]`
* **Scan Duration:** `[Specify the total time taken to complete the scan. Example: 5 minutes 30 seconds]`
## 3. Vulnerability Findings
This section details the vulnerabilities identified during the scan. Each vulnerability is listed with its severity, description, location, and recommended remediation.
### 3.1 Critical Vulnerabilities
`[List all vulnerabilities classified as Critical. For each vulnerability, provide the following information:]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: CRITICAL-001]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: SQL Injection vulnerability in the login form allows attackers to execute arbitrary SQL commands.]`
* **Severity:** **Critical**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: src/auth/login.php: line 42]`
* **Affected Component:** `[Specify which component or module is affected. Example: Authentication Module]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement parameterized queries or use an ORM to prevent SQL injection.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Code snippet showing the vulnerable SQL query.]`
### 3.2 High Vulnerabilities
`[List all vulnerabilities classified as High. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: HIGH-002]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into the website.]`
* **Severity:** **High**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: public/js/comment.js: line 15]`
* **Affected Component:** `[Specify which component or module is affected. Example: Commenting System]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement proper input validation and output encoding to prevent XSS.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of a malicious script being injected and executed.]`
### 3.3 Medium Vulnerabilities
`[List all vulnerabilities classified as Medium. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: MEDIUM-003]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Insecure Direct Object Reference (IDOR) allows users to access resources belonging to other users.]`
* **Severity:** **Medium**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: src/profile/profile.php: line 28]`
* **Affected Component:** `[Specify which component or module is affected. Example: User Profile Module]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement proper authorization checks to ensure users can only access their own resources.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of a user accessing another user's profile.]`
### 3.4 Low Vulnerabilities
`[List all vulnerabilities classified as Low. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: LOW-004]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Information leakage through error messages.]`
* **Severity:** **Low**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: config/database.php]`
* **Affected Component:** `[Specify which component or module is affected. Example: Database Configuration]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Disable detailed error messages in production environments.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of an error message revealing sensitive information.]`
## 4. Compliance Checks
`[If the scan included compliance checks, list the results here. Specify the compliance standard being checked (e.g., PCI DSS, HIPAA, GDPR) and the status of each requirement.]`
* **Compliance Standard:** `[Specify the compliance standard. Example: PCI DSS v3.2.1]`
* **Requirement 1.1.1:** `[Description of the requirement. Example: Establish and document security policies and operating procedures.]`
* **Status:** `[Pass/Fail. Example: Pass]`
* **Details:** `[Any relevant details about the compliance check. Example: Security policies and operating procedures are documented and reviewed annually.]`
* **Requirement 2.2.2:** `[Description of the requirement. Example: Implement and maintain a firewall configuration to protect cardholder data.]`
* **Status:** `[Pass/Fail. Example: Fail]`
* **Details:** `[Any relevant details about the compliance check. Example: Firewall rules are not properly configured to restrict access to cardholder data.]`
## 5. Recommendations
`[Provide general recommendations for improving the security posture of the target. This section should include advice on secure coding practices, vulnerability management, and security awareness training. Example: Implement a secure coding lifecycle, conduct regular vulnerability scans, and provide security awareness training to developers.]`
## 6. Conclusion
`[Summarize the overall security posture of the target based on the scan results. Highlight any significant risks and reiterate the importance of addressing the identified vulnerabilities. Example: The scan identified several critical and high vulnerabilities that pose a significant risk to the application. It is crucial to address these vulnerabilities promptly to protect sensitive data and prevent potential attacks.]`
## 7. Appendix
`[Include any additional information or supporting documentation, such as links to relevant resources or detailed scan logs. Example: Links to relevant security advisories and documentation on vulnerability remediation.]`
* [Link to Security Advisories](`[Insert Link Here]`)
* [Link to Vulnerability Remediation Documentation](`[Insert Link Here]`)
* [Detailed Scan Logs (Attached Separately)]

99
skills/security-pro-pack/assets/threat_model_template.md Normal file
View File

@@ -0,0 +1,99 @@
# Threat Model Template
This template is designed to help you create a comprehensive threat model for your application or system. Use this template as a starting point, tailoring it to your specific needs and context.
## 1. Introduction
* **Project Name:** [Enter Project Name Here]
* **Version:** [Enter Version Number Here]
* **Author(s):** [Enter Author(s) Here]
* **Date:** [Enter Date Here]
* **Purpose:** [Describe the purpose of this threat model. For example: "To identify potential security threats to the [Project Name] application and outline mitigation strategies."]
## 2. System Overview
* **Description:** [Provide a high-level description of the system. What does it do? What are its key components?]
* **Architecture Diagram:** [Include a diagram showing the system architecture. This could be a simple block diagram or a more detailed representation. Consider using Mermaid diagrams.]
```mermaid
graph LR
A[User] --> B(Web Application);
B --> C{Database};
B --> D(API Server);
D --> E{External Service};
```
[Replace the above Mermaid diagram with your actual system architecture.]
* **Key Components:**
* [Component 1: Name, Description, Functionality]
* [Component 2: Name, Description, Functionality]
* [Component 3: Name, Description, Functionality]
* [...]
* **Data Flow:** [Describe how data flows through the system. Where does data originate? Where is it stored? How is it transformed?]
## 3. Threat Modeling Methodology
* **Methodology Used:** [Specify the threat modeling methodology used (e.g., STRIDE, PASTA, OCTAVE). If you're using a custom approach, describe it here.]
* **Assumptions:** [List any assumptions made during the threat modeling process. For example: "We assume that the underlying operating system is patched and up-to-date."]
* **Scope:** [Define the scope of the threat model. What parts of the system are included? What parts are excluded?]
## 4. Threat Identification
Use the following table to document identified threats. Feel free to add columns as needed.
| Threat ID | Component | Threat Category | Threat Description | Impact | Likelihood | Risk Rating | Mitigation Strategy | Status | Owner |
|---|---|---|---|---|---|---|---|---|---|
| T-001 | Web Application | Injection | SQL injection vulnerability in the login form. | High (Data Breach) | Medium | High | Implement parameterized queries or an ORM. | Planned | Dev Team |
| T-002 | API Server | Authentication | Weak API authentication mechanism. | Medium (Unauthorized Access) | High | High | Implement OAuth 2.0 or JWT authentication. | In Progress | Security Team |
| T-003 | Database | Data Security | Unencrypted sensitive data stored in the database. | High (Data Breach) | Low | Medium | Implement database encryption. | To Do | DBA |
| T-004 | External Service | Availability | Dependency on an external service with no redundancy. | Medium (Service Interruption) | Low | Low | Implement circuit breaker pattern or failover mechanism. | Reviewed | DevOps |
| [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] |
**Column Definitions:**
* **Threat ID:** A unique identifier for the threat.
* **Component:** The component of the system affected by the threat.
* **Threat Category:** The category of the threat (e.g., Injection, Authentication, Data Security, Availability). You can use STRIDE categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) as a starting point.
* **Threat Description:** A detailed description of the threat.
* **Impact:** The potential impact of the threat if it is realized (e.g., High, Medium, Low). Consider factors like data breach, service disruption, financial loss, and reputational damage.
* **Likelihood:** The likelihood of the threat being realized (e.g., High, Medium, Low). Consider factors like the attacker's skill level, the attractiveness of the target, and the presence of existing security controls.
* **Risk Rating:** The overall risk rating, typically calculated by multiplying Impact and Likelihood (e.g., High, Medium, Low).
* **Mitigation Strategy:** The proposed mitigation strategy to address the threat.
* **Status:** The current status of the mitigation strategy (e.g., Planned, In Progress, Completed, Reviewed).
* **Owner:** The individual or team responsible for implementing the mitigation strategy.
## 5. Data Flow Diagram (DFD) Analysis (Optional)
If a Data Flow Diagram (DFD) was created, include an analysis of potential threats at each stage of the data flow. This can supplement the table above.
* **Data Flow 1:** [Describe the data flow. e.g., User Login]
* **Process:** [Describe the process. e.g., User enters credentials on the login form.]
* **Potential Threats:** [List potential threats. e.g., Credential stuffing, XSS on the login page.]
* **Mitigation Strategies:** [List mitigation strategies. e.g., Rate limiting, input validation, output encoding.]
* **Data Store:** [Describe the data store. e.g., Database containing user credentials.]
* **Potential Threats:** [List potential threats. e.g., SQL injection, brute-force attack.]
* **Mitigation Strategies:** [List mitigation strategies. e.g., Parameterized queries, account lockout policy.]
* **Data Flow 2:** [Describe the data flow]
* [...]
## 6. Security Requirements
Based on the identified threats, define specific security requirements for the system.
* **Requirement 1:** [e.g., Implement multi-factor authentication for all user accounts.]
* **Justification:** [e.g., Mitigates the risk of unauthorized access due to compromised credentials.]
* **Requirement 2:** [e.g., Encrypt all sensitive data at rest and in transit.]
* **Justification:** [e.g., Protects data from unauthorized disclosure in case of a data breach.]
* **Requirement 3:** [e.g., Regularly scan the application for vulnerabilities.]
* **Justification:** [e.g., Identifies and addresses potential security flaws before they can be exploited.]
## 7. Conclusion
* **Summary of Findings:** [Summarize the key findings of the threat model.]
* **Recommendations:** [Provide recommendations for improving the security of the system.]
* **Next Steps:** [Outline the next steps to be taken, such as implementing the mitigation strategies and security requirements.]
## 8. Appendix (Optional)
* **Glossary of Terms:** [Define any technical terms used in the threat model.]
* **References:** [List any relevant references, such as security standards, best practices, or vendor documentation.]

10
skills/security-pro-pack/references/README.md Normal file
View File

@@ -0,0 +1,10 @@
# References
Bundled resources for security-pro-pack skill
- [ ] owasp_top_10.md: Detailed documentation on OWASP Top 10 vulnerabilities.
- [ ] hipaa_compliance.md: Guidelines and requirements for HIPAA compliance.
- [ ] pci_dss_compliance.md: Guidelines and requirements for PCI DSS compliance.
- [ ] gdpr_compliance.md: Guidelines and requirements for GDPR compliance.
- [ ] soc2_compliance.md: Guidelines and requirements for SOC 2 compliance.
- [ ] cryptography_best_practices.md: Best practices for cryptographic implementation (AES, RSA, bcrypt, Argon2).

8
skills/security-pro-pack/scripts/README.md Normal file
View File

@@ -0,0 +1,8 @@
# Scripts
Bundled resources for security-pro-pack skill
- [ ] security_scan.sh: Automates running various security scans (e.g., nmap, nessus) and parsing the results.
- [ ] compliance_check.py: Checks code and infrastructure against compliance standards (HIPAA, PCI DSS, GDPR, SOC 2).
- [ ] crypto_audit.py: Performs automated cryptographic code review, identifying potential vulnerabilities in cryptographic implementations.
- [ ] infrastructure_scan.sh: Scans infrastructure for security misconfigurations and vulnerabilities.