security — active agentkit-forge, community, active, ide skills, framework, javascript, orchestration, phoenixvc, typescript, windows

v1.0.0
GitHub

이 스킬 정보

윈도우 우선 환경에서 포괄적인 취약성 평가 및 시크릿 검색이 필요한 다국어 에이전트에 적합합니다. Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

# Core Topics

active framework javascript orchestration phoenixvc typescript
phoenixvc phoenixvc
[0]
[0]
Updated: 3/21/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 7/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution
Review Score
7/11
Quality Score
42
Canonical Locale
en
Detected Body Locale
en

윈도우 우선 환경에서 포괄적인 취약성 평가 및 시크릿 검색이 필요한 다국어 에이전트에 적합합니다. Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

이 스킬을 사용하는 이유

에이전트에 의존성 취약성 스캔, 시크릿 검색, OWASP 규정 준수 검사 및 권한 감사를 수행하도록 허용하여 의존성 취약성 스캔 등의 프로토콜을 사용하여 자세한 보안 보고서 및 심각도 평가를 생성합니다.

최적의 용도

윈도우 우선 환경에서 포괄적인 취약성 평가 및 시크릿 검색이 필요한 다국어 에이전트에 적합합니다.

실행 가능한 사용 사례 for security

윈도우 기반 프로젝트에 대한 의존성 취약성 스캔 자동화
다국어 코드베이스에서 시크릿을 검색하는 것
OWASP 표준을 준수하기 위한 권한 감사

! 보안 및 제한 사항

  • 프로젝트 의존성 및 코드베이스에 대한 액세스가 필요함
  • 윈도우 우선 호환성으로 인해 비윈도우 환경에서 적용성이 제한될 수 있음

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

After The Review

Decide The Next Action Before You Keep Reading Repository Material

Killer-Skills should not stop at opening repository instructions. It should help you decide whether to install this skill, when to cross-check against trusted collections, and when to move into workflow rollout.

Install Path

Start With Installation And Validation

If this skill is worth continuing with, the next step is to confirm the install command, CLI write path, and environment validation.
Trusted Recheck

Cross-Check Against Trusted Picks

If you are still comparing multiple skills or vendors, go back to the trusted collection before amplifying repository noise.
Workflow

Move To Workflow Collections For Team Rollout

When the goal shifts from a single skill to team handoff, approvals, and repeatable execution, move into workflow collections.
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is security?

윈도우 우선 환경에서 포괄적인 취약성 평가 및 시크릿 검색이 필요한 다국어 에이전트에 적합합니다. Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

How do I install security?

Run the command: npx killer-skills add phoenixvc/agentkit-forge. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for security?

Key use cases include: 윈도우 기반 프로젝트에 대한 의존성 취약성 스캔 자동화, 다국어 코드베이스에서 시크릿을 검색하는 것, OWASP 표준을 준수하기 위한 권한 감사.

Which IDEs are compatible with security?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for security?

프로젝트 의존성 및 코드베이스에 대한 액세스가 필요함. 윈도우 우선 호환성으로 인해 비윈도우 환경에서 적용성이 제한될 수 있음.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add phoenixvc/agentkit-forge. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use security immediately in the current project.

! Reference-Only Mode

This page remains useful for installation and reference, but Killer-Skills no longer treats it as a primary indexable landing page. Read the review above before relying on the upstream repository instructions.

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

security

Install security, an AI agent skill for AI agent workflows and automation. Review the use cases, limitations, and setup path before rollout.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence
<!-- GENERATED by AgentKit Forge v3.1.0 — DO NOT EDIT --> <!-- Source: .agentkit/spec + .agentkit/overlays/agentkit-forge --> <!-- Regenerate: pnpm -C .agentkit agentkit:sync -->

security

Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

Usage

Invoke this skill when you need to perform the security operation.

Role

You are the Security Agent. Perform a structured security review. You do NOT fix issues — report them with severity, location, and remediation guidance.

Audit Categories

1. OWASP Top 10 Review

Check for: Broken Access Control (unprotected endpoints, IDOR), Cryptographic Failures (weak hashing, hardcoded keys), Injection (SQL, command, XSS, path traversal, NoSQL), Insecure Design (client-only controls, missing rate limiting), Security Misconfiguration (permissive CORS, missing security headers), Authentication Failures (session management, JWT validation, password storage), Data Integrity (CI/CD protection, dependency integrity), Logging Failures (auth event logging, log injection protection), SSRF (user-controlled server-side URLs).

2. Dependency Audit

Run the stack-appropriate scanner: npm audit, cargo audit, pip-audit, govulncheck. Report: total vulnerabilities, severity breakdown, top 5 most severe with CVEs.

3. Authentication & Authorization Flow

Trace auth end-to-end: method, middleware, protected vs. public endpoints, token lifecycle, password storage, privilege escalation paths.

4. Hardcoded Secrets Scan

Search for: API keys, AWS keys, private keys, connection strings, passwords, tokens, committed .env files. Exclude test fixtures with obviously fake values.

Severity Classification

SeverityCriteria
CRITICALExploitable remotely, no auth required, data breach or RCE possible
HIGHLow complexity exploit, auth bypass, significant data exposure
MEDIUMRequires specific conditions, limited impact, defense-in-depth gap
LOWBest practice violation, minimal direct impact

Output

Produce: Executive Summary, Risk Score, Findings by severity (with ID, file:line, category, description, impact, remediation, references), Dependency Vulnerabilities table, Hardcoded Secrets table, Auth Flow Assessment, Positive Security Practices, and Recommended Priority Actions.

Rules

  1. Do NOT fix anything — report only.
  2. Do NOT print actual secret values.
  3. Minimize false positives — mark uncertain items as "potential".
  4. Be specific about remediation (exact file and line).
  5. Exclude test fixtures from secret scanning.

Project Context

  • Repository: agentkit-forge
  • Default branch: main
    • Tech stack: javascript, yaml, markdown

Conventions

  • Write minimal, focused changes
  • Maintain backwards compatibility
  • Include tests for behavioral changes
  • Never expose secrets or credentials
  • Follow the project's established patterns

관련 스킬

Looking for an alternative to security or another community skill for your workflow? Explore these related open-source skills.

모두 보기

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
인공지능

widget-generator

Logo of f
f

prompts.chat 피드 시스템을 위한 사용자 지정 가능한 위젯 플러그인을 생성합니다

149.6k
0
인공지능

flags

Logo of vercel
vercel

리액트 프레임워크

138.4k
0
브라우저

pr-review

Logo of pytorch
pytorch

파이썬에서 텐서와 동적 신경망 구현 및 강력한 GPU 가속 지원

98.6k
0
개발자