Initial commit

skills/security-headers-analyzer/SKILL.md

@@ -0,0 +1,55 @@
+---
+name: analyzing-security-headers
+description: |
+  This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs.
+allowed-tools: Read, WebFetch, WebSearch, Grep
+version: 1.0.0
+---
+
+## Overview
+
+This skill allows Claude to automatically analyze a website's HTTP security headers and provide a comprehensive report. It identifies missing or misconfigured headers and offers actionable recommendations to improve security posture.
+
+## How It Works
+
+1. **Receives URL**: Claude receives a URL or domain name from the user.
+2. **Analyzes Headers**: The plugin fetches the HTTP headers from the specified URL and analyzes them against security best practices.
+3. **Generates Report**: The plugin generates a detailed report, including a security grade, score, and specific recommendations for missing or misconfigured headers.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Analyze the security posture of a website.
+- Identify missing or misconfigured HTTP security headers.
+- Get recommendations for improving website security.
+- Audit a website for compliance with security best practices.
+
+## Examples
+
+### Example 1: Security Audit
+
+User request: "Analyze the security headers for example.com"
+
+The skill will:
+1. Fetch the HTTP headers from example.com.
+2. Analyze the headers for common security vulnerabilities.
+3. Generate a report outlining the security grade, score, and any identified issues with recommendations.
+
+### Example 2: Quick Security Check
+
+User request: "Check HTTP security for mywebsite.net"
+
+The skill will:
+1. Fetch the HTTP headers from mywebsite.net.
+2. Analyze the headers for common security vulnerabilities.
+3. Generate a report outlining the security grade, score, and any identified issues with recommendations.
+
+## Best Practices
+
+- **Prioritize HSTS**: Ensure HSTS is properly configured to prevent downgrade attacks.
+- **Implement CSP**: Start with a strict Content Security Policy to mitigate XSS vulnerabilities.
+- **Regularly Scan**: Schedule regular scans to identify new vulnerabilities and misconfigurations.
+
+## Integration
+
+This skill can be used in conjunction with other security plugins to provide a more comprehensive security assessment. For example, it can be paired with a vulnerability scanner to identify both header-related and code-level vulnerabilities.

skills/security-headers-analyzer/assets/README.md

@@ -0,0 +1,6 @@
+# Assets
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] report_template.md: Markdown template for generating the security header analysis report.
+- [ ] example_report.md: Example of a generated security header analysis report.

skills/security-headers-analyzer/references/README.md

@@ -0,0 +1,7 @@
+# References
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] security_headers_explained.md: Detailed explanation of each security header, its purpose, and recommended configurations.
+- [ ] owasp_recommendations.md: OWASP recommendations for HTTP security headers.
+- [ ] csp_directives.md: Comprehensive guide to Content-Security-Policy directives.

skills/security-headers-analyzer/scripts/README.md

@@ -0,0 +1,6 @@
+# Scripts
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] analyze_headers.py: Script to perform the security header analysis using libraries like requests and beautifulsoup4.
+- [ ] generate_report.py: Script to generate a detailed report from the analysis results in markdown format.