chore: import upstream snapshot with attribution
Component Security Validation / Security Audit (push) Has been cancelled
Deploy to Cloudflare Pages / deploy (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 12:38:58 +08:00
commit bb5c75ce05
8824 changed files with 1946442 additions and 0 deletions
@@ -0,0 +1,33 @@
---
allowed-tools: Read, Write, Edit, Bash
argument-hint: [auth-method] | --oauth | --jwt | --mfa | --passwordless
description: Implement secure user authentication system with chosen method and security best practices
---
# Add Authentication System
Implement secure user authentication system: **$ARGUMENTS**
## Current Application State
- Framework detection: @package.json or @requirements.txt or @Cargo.toml
- Existing auth: !`grep -r "auth\|login\|jwt\|session" src/ --include="*.js" --include="*.py" --include="*.rs" | wc -l`
- Security config: @.env* (check for auth-related variables)
- Database setup: Check for user models or auth tables
## Task
Implement comprehensive authentication system with security best practices:
**Authentication Methods**: Choose from username/password, OAuth 2.0, JWT, SAML, MFA, or passwordless based on $ARGUMENTS
**Implementation Areas**:
1. **User Management** - Registration, profiles, password policies, account verification
2. **Authentication Flow** - Login/logout, session management, token handling, middleware
3. **Authorization System** - RBAC, permissions, route protection, API security
4. **Security Hardening** - Password hashing, rate limiting, CSRF protection, secure cookies
5. **Integration** - Frontend components, API endpoints, database models, middleware
**Security Standards**: Implement OWASP authentication guidelines, secure session management, and proper error handling.
**Output**: Production-ready authentication system with comprehensive security controls and user-friendly interface.
@@ -0,0 +1,31 @@
---
allowed-tools: Read, Bash, Grep
argument-hint: [scope] | --security | --licenses | --updates | --all
description: Audit dependencies for security vulnerabilities, license compliance, and update recommendations
---
# Dependency Audit
Audit dependencies for security vulnerabilities and compliance: **$ARGUMENTS**
## Current Dependencies
- Package files: @package.json or @requirements.txt or @Cargo.toml or @pom.xml
- Lock files: @package-lock.json or @poetry.lock or @Cargo.lock
- Security scan: !`npm audit --audit-level=moderate 2>/dev/null || pip check 2>/dev/null || cargo audit 2>/dev/null || echo "No security scanner available"`
- Outdated packages: !`npm outdated 2>/dev/null || pip list --outdated 2>/dev/null || echo "Check manually"`
## Task
Perform comprehensive dependency security and compliance audit:
**Audit Scope**: Use $ARGUMENTS to focus on security, licenses, updates, or complete audit
**Analysis Areas**:
1. **Vulnerability Scanning** - Known CVEs, security advisories, exploit availability
2. **Version Analysis** - Outdated packages, breaking changes, update recommendations
3. **License Compliance** - License compatibility, restrictions, legal obligations
4. **Supply Chain Security** - Package authenticity, maintainer status, suspicious dependencies
5. **Performance Impact** - Bundle size, unused dependencies, optimization opportunities
**Output**: Prioritized security report with critical vulnerabilities, recommended actions, and compliance status.
@@ -0,0 +1,39 @@
---
allowed-tools: Read, Bash, Grep, Glob
argument-hint: [target] | --web-app | --api | --auth | --full-scan
description: Perform penetration testing and vulnerability assessment on application
---
# Penetration Test
Perform penetration testing and vulnerability assessment: **$ARGUMENTS**
## Application Context
- Running services: !`netstat -tlnp 2>/dev/null | grep LISTEN | head -10 || lsof -i -P | grep LISTEN | head -10`
- Web framework: @package.json or @requirements.txt (detect framework and version)
- API endpoints: !`grep -r "route\|endpoint\|@app\\.route\|@RequestMapping" src/ 2>/dev/null | wc -l`
- Authentication: !`grep -r "auth\|login\|jwt\|session" src/ 2>/dev/null | wc -l`
## Task
Conduct systematic penetration testing following ethical hacking methodologies:
**Test Target**: Use $ARGUMENTS to focus on web application, API, authentication, or comprehensive testing
**Testing Phases**:
1. **Reconnaissance** - Service discovery, technology fingerprinting, attack surface mapping
2. **Vulnerability Assessment** - OWASP Top 10, injection flaws, broken authentication
3. **Exploitation Testing** - XSS, CSRF, SQL injection, privilege escalation attempts
4. **Authentication Testing** - Brute force, session management, authorization bypasses
5. **API Security Testing** - Input validation, rate limiting, authentication bypass
6. **Infrastructure Testing** - Network security, container security, configuration issues
**Testing Methodology**:
- Follow OWASP Testing Guide and NIST guidelines
- Use both automated tools and manual testing techniques
- Document all findings with proof-of-concept examples
- Provide remediation recommendations for each vulnerability
- Maintain ethical boundaries and avoid data damage
**Output**: Comprehensive penetration test report with executive summary, detailed findings, risk ratings, and remediation roadmap.
@@ -0,0 +1,38 @@
---
allowed-tools: Read, Bash, Grep, Glob
argument-hint: [scope] | --api-keys | --passwords | --certificates | --fix
description: Scan codebase for exposed secrets, credentials, and sensitive information
---
# Secrets Scanner
Scan codebase for exposed secrets and sensitive information: **$ARGUMENTS**
## Current Repository State
- Git status: !`git status --porcelain | wc -l` uncommitted files
- File types: !`find . -name "*.js" -o -name "*.py" -o -name "*.env*" -o -name "*.yml" | wc -l` scannables
- Recent commits: !`git log --oneline --grep="password\|key\|secret\|token" -5`
- Environment files: @.env* or @config/* (if exists)
## Task
Perform comprehensive secrets detection and remediation across codebase:
**Scan Scope**: Use $ARGUMENTS to focus on API keys, passwords, certificates, or complete scan
**Detection Categories**:
1. **API Keys & Tokens** - GitHub, AWS, Google Cloud, Stripe, third-party services
2. **Database Credentials** - Connection strings, usernames, passwords
3. **Certificates & Keys** - Private keys, SSH keys, SSL certificates
4. **Authentication Secrets** - JWT secrets, session keys, OAuth credentials
5. **Configuration Leaks** - Hardcoded URLs, internal endpoints, debug settings
**Remediation Actions**:
- Identify exposed secrets with file locations and line numbers
- Provide secure alternatives (environment variables, secret management)
- Generate .gitignore entries for sensitive files
- Create secure configuration templates
- Implement secrets management best practices
**Output**: Detailed security report with risk levels, immediate actions, and long-term security improvements.
@@ -0,0 +1,81 @@
---
allowed-tools: Read, Bash, Grep, Glob
argument-hint: [focus-area] | --full
description: Perform comprehensive security assessment and vulnerability analysis
---
# Security Audit
Perform comprehensive security assessment: $ARGUMENTS
## Current Environment
- Dependency scan: !`npm audit --audit-level=moderate 2>/dev/null || pip check 2>/dev/null || echo "No package manager detected"`
- Environment files: @.env* (if exists)
- Security config: @.github/workflows/security.yml or @security/ (if exists)
- Recent commits: !`git log --oneline --grep="security\|fix" -10`
## Task
Perform systematic security audit following these steps:
1. **Environment Setup**
- Identify the technology stack and framework
- Check for existing security tools and configurations
- Review deployment and infrastructure setup
2. **Dependency Security**
- Scan all dependencies for known vulnerabilities
- Check for outdated packages with security issues
- Review dependency sources and integrity
- Use appropriate tools: `npm audit`, `pip check`, `cargo audit`, etc.
3. **Authentication & Authorization**
- Review authentication mechanisms and implementation
- Check for proper session management
- Verify authorization controls and access restrictions
- Examine password policies and storage
4. **Input Validation & Sanitization**
- Check all user input validation and sanitization
- Look for SQL injection vulnerabilities
- Identify potential XSS (Cross-Site Scripting) issues
- Review file upload security and validation
5. **Data Protection**
- Identify sensitive data handling practices
- Check encryption implementation for data at rest and in transit
- Review data masking and anonymization practices
- Verify secure communication protocols (HTTPS, TLS)
6. **Secrets Management**
- Scan for hardcoded secrets, API keys, and passwords
- Check for proper secrets management practices
- Review environment variable security
- Identify exposed configuration files
7. **Error Handling & Logging**
- Review error messages for information disclosure
- Check logging practices for security events
- Verify sensitive data is not logged
- Assess error handling robustness
8. **Infrastructure Security**
- Review containerization security (Docker, etc.)
- Check CI/CD pipeline security
- Examine cloud configuration and permissions
- Assess network security configurations
9. **Security Headers & CORS**
- Check security headers implementation
- Review CORS configuration
- Verify CSP (Content Security Policy) settings
- Examine cookie security attributes
10. **Reporting**
- Document all findings with severity levels (Critical, High, Medium, Low)
- Provide specific remediation steps for each issue
- Include code examples and file references
- Create an executive summary with key recommendations
Use automated security scanning tools when available and provide manual review for complex security patterns.
@@ -0,0 +1,32 @@
---
allowed-tools: Read, Write, Edit, Bash
argument-hint: [focus-area] | --headers | --auth | --encryption | --infrastructure
description: Harden application security configuration with comprehensive security controls
---
# Security Hardening
Harden application security configuration and controls: **$ARGUMENTS**
## Current Security Posture
- Framework: @package.json or @requirements.txt or @Cargo.toml (detect framework)
- Security headers: !`curl -I http://localhost:3000 2>/dev/null | grep -i 'x-\|content-security\|strict-transport' || echo "No server running"`
- Environment config: @.env* (check for security-related variables)
- Dependencies: !`npm audit --audit-level=moderate 2>/dev/null || echo "Run dependency audit first"`
## Task
Implement comprehensive security hardening based on security best practices:
**Hardening Focus**: Use $ARGUMENTS to target specific areas or apply comprehensive hardening
**Security Controls**:
1. **Authentication & Authorization** - MFA, RBAC, session security, password policies
2. **Input Validation** - XSS prevention, SQL injection protection, CSRF tokens
3. **Secure Communication** - HTTPS/TLS, HSTS, certificate management
4. **Data Protection** - Encryption at rest/transit, key management, secure storage
5. **Security Headers** - CSP, CORS, security response headers
6. **Infrastructure Security** - Container hardening, network segmentation, monitoring
**Output**: Hardened application with comprehensive security controls, proper configuration, and monitoring capabilities.