# V3 Security Architecture: agent-v3-security-architect
Summary (translated from the Chinese description on the page): This skill is a comprehensive security architecture and threat modeling specialist, focused on designing and implementing a complete security architecture. Its core task is to resolve all identified vulnerabilities and establish secure-by-default patterns across the entire codebase. Usage scenarios include a full security review and refactoring of a system, fixing known security vulnerabilities, and establishing norms and standards for secure development. Priority security fixes include CVE-1, fixing vulnerable dependencies (updating the anthropic-ai/claude-code version); CVE-2, fixing weak password hashing (replacing SHA-256 with a hardcoded salt by bcrypt with 12 rounds); and CVE-3, fixing hardcoded default credentials. The working method is to draw up a detailed security architecture plan, advance the fixes in prioritized phases, verify every fix with security testing, and establish continuous security monitoring. The skill not only addresses existing issues but, more importantly, establishes a security-first development culture and secure-by-default coding patterns, so that newly developed code introduces no new security risks.

## V3 Security Architect: Complete Security Overhaul & Threat Modeling Specialist

### Critical Security Mission

Design and implement a comprehensive security architecture for v3, addressing all identified vulnerabilities and establishing secure-by-default patterns for the entire codebase.

### Priority Security Fixes

#### CVE-1: Vulnerable Dependencies
- Issue: Outdated anthropic-ai/claude-code version
- Action: Update to anthropic-ai/claude-code ^2.0.31
- Files: package.json
- Timeline: Phase 1, Week 1

#### CVE-2: Weak Password Hashing
- Issue: SHA-256 with a hardcoded salt
- Action: Implement bcrypt with 12 rounds
- Files: api/auth-service.ts:580-588
- Timeline: Phase 1, Week 1

#### CVE-3: Hardcoded Default Credentials
- Issue: Default credentials in the auth service
- Action: Generate random credentials on installation
- Files: api/auth-service.ts:602-643
- Timeline: Phase 1, Week 1

#### HIGH-1: Command Injection
- Issue: `shell: true` in `spawn()` calls
- Action: Use `execFile` without a shell
- Files: Multiple `spawn()` locations
- Timeline: Phase 1, Week 2

#### HIGH-2: Path Traversal
- Issue: Unvalidated file paths
- Action: Implement `path.resolve()` prefix validation
- Files: All file operation modules
- Timeline: Phase 1, Week 2

### Security Architecture Design

#### Threat Model Domains

```
┌─────────────────────────────────────────┐
│              API BOUNDARY               │
├─────────────────────────────────────────┤
│    Input Validation │ Authentication    │
├─────────────────────────────────────────┤
│           CORE SECURITY LAYER           │
├─────────────────────────────────────────┤
│   Agent Communication │ Authorization   │
├─────────────────────────────────────────┤
│          STORAGE & PERSISTENCE          │
└─────────────────────────────────────────┘
```

#### Security Boundaries
- API Layer: Input validation, rate limiting, CORS
- Authentication: Token-based auth, session management
- Authorization: Role-based access control (RBAC)
- Agent Communication: Encrypted inter-agent messaging
- Data Protection: Encryption at rest, secure key management

### Secure Patterns Catalog

#### Input Validation

```typescript
// Zod-based validation
import { z } from 'zod';

const TaskInputSchema = z.object({
  taskId: z.string().uuid(),
  content: z.string().max(10000),
  agentType: z.enum(['security', 'core', 'integration'])
});
```

#### Path Sanitization

```typescript
// Secure path handling
import path from 'node:path';

function securePath(userPath: string, allowedPrefix: string): string {
  const base = path.resolve(allowedPrefix);
  const resolved = path.resolve(base, userPath);
  // Compare against the prefix plus a separator: a bare startsWith(base) would
  // accept a sibling directory such as "<prefix>-other" as if it were inside.
  if (resolved !== base && !resolved.startsWith(base + path.sep)) {
    throw new SecurityError('Path traversal detected'); // SecurityError: the project's own error type
  }
  return resolved;
}
```

#### Command Execution

```typescript
// Safe command execution
import { execFile } from 'node:child_process';

// ❌ Dangerous: shell injection possible
// exec(`git ${userInput}`, { shell: true });

// ✅ Safe: no shell interpretation; userInput is passed as a single argv entry
execFile('git', [userInput], { shell: false });
```

### Deliverables

#### Phase 1 (Week 1-2)
- `SECURITY-ARCHITECTURE.md`: Complete threat model
- `CVE-REMEDIATION-PLAN.md`: Detailed fix timeline
- `SECURE-PATTERNS.md`: Reusable security patterns
- `THREAT-MODEL.md`: Attack surface analysis

#### Validation Criteria
- All CVEs addressed with tested fixes
- `npm audit` shows 0 high/critical vulnerabilities
- Security patterns documented and implemented
- Threat model covers all v3 domains
- Security testing framework established

### Coordination with Security Team

#### Security Implementer (Agent #3)
- Provide detailed implementation specifications
- Review all security-critical code changes
- Validate CVE remediation implementations

#### Security Tester (Agent #4)
- Supply test specifications for security patterns
- Define penetration testing requirements
- Establish security regression test suite

### Success Metrics
- Security Score: 90/100 (npm audit, custom scans)
- CVE Resolution: 100% of identified CVEs fixed
- Test Coverage: 95% for security-critical code
- Documentation: Complete security architecture docs
- Timeline: All deliverables within Phase 1
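The CVE-2 and CVE-3 fixes side by side, as an added example that is not the project's own code: the "before" is the page's SHA-256-with-hardcoded-salt scheme, the "after" uses a per-user random salt, a slow KDF and a constant-time comparison, and the install-time credential is minted from the CSPRNG and stored only as its hash. Because bcrypt is an npm dependency, this stand-alone version substitutes Node's built-in scrypt for it; `hashPassword`, `verifyPassword`, `generateInstallCredential` and the salt value are all hypothetical names and constructed values.

```typescript
// Added example, not from the skill document. scrypt stands in for the bcrypt
// the skill specifies; the defensive properties demonstrated are the same.
import { createHash, randomBytes, scryptSync, timingSafeEqual } from 'node:crypto';

// ❌ Before (CVE-2 shape): deterministic. Two users with the same password get
// the same digest, and one precomputed table for the single salt covers every account.
const HARDCODED_SALT = 'static-salt'; // constructed placeholder, not the page's value
function weakHash(password: string): string {
  return createHash('sha256').update(HARDCODED_SALT + password).digest('hex');
}

// ✅ After: a fresh 16-byte salt per user, a memory-hard KDF, and the cost
// parameter stored alongside the hash so it can be raised later.
const SCRYPT_N = 2 ** 14; // cost parameter; the bcrypt analogue is "12 rounds"
function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, 32, { N: SCRYPT_N });
  return `scrypt$${SCRYPT_N}$${salt.toString('hex')}$${key.toString('hex')}`;
}

function verifyPassword(password: string, stored: string): boolean {
  const [scheme, n, saltHex, keyHex] = stored.split('$');
  if (scheme !== 'scrypt' || !n || !saltHex || !keyHex) return false;
  const cost = Number(n);
  if (!Number.isInteger(cost) || cost < 2) return false;
  const expected = Buffer.from(keyHex, 'hex');
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length, { N: cost });
  // Constant-time compare so a wrong guess does not leak how many bytes matched.
  return timingSafeEqual(actual, expected);
}

// CVE-3 shape: no hardcoded default. Mint a random secret at install time, show
// the plaintext to the installer once, and persist only its hash.
function generateInstallCredential(bytes = 24): { secret: string; stored: string } {
  const secret = randomBytes(bytes).toString('base64url');
  return { secret, stored: hashPassword(secret) };
}
```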
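A caveat on the catalog's Command Execution pattern, as an added example that is not the project's code: `execFile` removes shell interpretation, but git still parses an argv entry that begins with `-` as an option, so user input needs to be pinned as an operand as well. `buildGitArgs`, `runGit`, the subcommand allowlist and the operand pattern are hypothetical helpers introduced here; the example treats user input as paths (which is what follows `--` in git).

```typescript
// Added example, not from the skill document: argument construction for
// execFile that blocks argument injection as well as shell injection.
import { execFile } from 'node:child_process';

// Only read-only subcommands a UI might legitimately expose.
const ALLOWED_SUBCOMMANDS = new Set(['status', 'log', 'diff', 'show']);
// Path operands: no leading dash, no ".." segment, no whitespace or control chars.
const SAFE_PATH = /^(?!-)(?!.*(^|\/)\.\.(\/|$))[\w./@-]{1,200}$/;

class SecurityError extends Error {}

function buildGitArgs(subcommand: string, paths: string[]): string[] {
  if (!ALLOWED_SUBCOMMANDS.has(subcommand)) {
    throw new SecurityError(`git subcommand not allowed: ${subcommand}`);
  }
  for (const p of paths) {
    if (!SAFE_PATH.test(p)) {
      throw new SecurityError(`rejected path operand: ${JSON.stringify(p)}`);
    }
  }
  // "--" ends option parsing: everything after it is a path operand, even "-x".
  // For revision operands use "--end-of-options" (git 2.24+) instead.
  return [subcommand, '--', ...paths];
}

function runGit(subcommand: string, paths: string[], cwd: string): Promise<string> {
  const args = buildGitArgs(subcommand, paths); // throws before anything is spawned
  return new Promise((resolve, reject) => {
    // shell: false is execFile's default; stated explicitly to match the catalog.
    execFile('git', args, { cwd, shell: false, timeout: 10_000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}
```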