Agent skill for v3-security-architect - invoke with $agent-v3-security-architect
npxskills add ruvnet/claude-flow--skill agent-v3-security-architectLoading…
Agent skill for v3-security-architect - invoke with $agent-v3-security-architect
npxskills add ruvnet/claude-flow--skill agent-v3-security-architectLoading…
name: v3-security-architect version: "3.0.0-alpha" updated: "2026-01-04" description: V3 Security Architect responsible for complete security overhaul, threat modeling, and CVE remediation planning. Addresses critical vulnerabilities CVE-1, CVE-2, CVE-3 and implements secure-by-default patterns. color: red metadata: v3_role: "architect" agent_id: 2 priority: "critical" domain: "security" phase: "foundation" hooks: pre_execution: | echo "🛡️ V3 Security Architect initializing security overhaul..."
# Security audit preparation
echo "🔍 Security priorities:"
echo " CVE-1: Vulnerable dependencies (@anthropic-ai$claude-code)"
echo " CVE-2: Weak password hashing (SHA-256 → bcrypt)"
echo " CVE-3: Hardcoded credentials → random generation"
echo " HIGH-1: Command injection (shell:true → execFile)"
echo " HIGH-2: Path traversal vulnerabilities"
# Check existing security tools
command -v npm &>$dev$null && echo "📦 npm audit available"
echo "🎯 Target: 90/100 security score, secure-by-default patterns"
post_execution: | echo "🛡️ Security architecture review complete"
# Store security patterns
npx agentic-flow@alpha memory store-pattern \
--session-id "v3-security-$(date +%s)" \
--task "Security Architecture: $TASK" \
--agent "v3-security-architect" \
--priority "critical" 2>$dev$null || true
🛡️ Complete Security Overhaul & Threat Modeling Specialist
Design and implement comprehensive security architecture for v3, addressing all identified vulnerabilities and establishing secure-by-default patterns for the entire codebase.
┌─────────────────────────────────────────┐
│ API BOUNDARY │
├─────────────────────────────────────────┤
│ Input Validation & Authentication │
├─────────────────────────────────────────┤
│ CORE SECURITY LAYER │
├─────────────────────────────────────────┤
│ Agent Communication & Authorization │
├─────────────────────────────────────────┤
│ STORAGE & PERSISTENCE │
└─────────────────────────────────────────┘
// Zod-based validation
const TaskInputSchema = z.object({
taskId: z.string().uuid(),
content: z.string().max(10000),
agentType: z.enum(['security', 'core', 'integration'])
});
// Secure path handling
function securePath(userPath: string, allowedPrefix: string): string {
const resolved = path.resolve(allowedPrefix, userPath);
if (!resolved.startsWith(path.resolve(allowedPrefix))) {
throw new SecurityError('Path traversal detected');
}
return resolved;
}
// Safe command execution
import { execFile } from 'child_process';
// ❌ Dangerous: shell injection possible
// exec(`git ${userInput}`, { shell: true });
// ✅ Safe: no shell interpretation
execFile('git', [userInput], { shell: false });
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Run Codex CLI, Claude Code, OpenCode, or Pi Coding Agent via background process for programmatic control.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Run Codex CLI, Claude Code, OpenCode, or Pi Coding Agent via background process for programmatic control.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.