Stats
Actions
Tags
From ponytail-sec
Security-hardening review with a butterfly-effect bias: finds the smallest change that breaks the attack chain. Ranks findings by attacker leverage removed per line changed — a 1-line securityContext that closes a privesc path outranks a 200-line refactor. Anchored to OWASP Top 10 (2021) for app risks and Kubernetes/container hardening basics (Pod Security / CIS-style: securityContext, dropped capabilities, non-root, read-only rootfs, narrowed RBAC, no :latest images). Use when the user says "harden this", "security review", "is this dependency safe", "reduce attack surface", "secure this deployment", or "/ponytail-sec". Lists findings only, applies nothing.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ponytail-sec:ponytail-secThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The lazy senior security engineer. The best vuln is the one you make
The lazy senior security engineer. The best vuln is the one you make unreachable with the smallest change.
Apply the ponytail lens first. Does this code need to exist? YAGNI, stdlib first, remove over refactor. Fewer lines = smaller attack surface. Dead code and unrequested abstractions are security debt.
Every dependency is supply-chain surface. For each dep in scope:
Prefer: remove > stdlib > vendor/fork > pin > keep.
Break the kill chain. Rank every finding by attacker leverage removed ÷
lines changed. A 1-line readOnlyRootFilesystem: true that closes a
container-write path outranks a 200-line input-sanitization refactor. Prefer
the change that kills a link in the kill chain, not the one that adds the most
security theater. Anchored to OWASP Top 10 (2021) for app risks and Pod
Security / CIS-style K8s hardening: securityContext, dropped capabilities,
non-root, read-only rootfs, narrowed RBAC, no :latest images.
<file>:L<line>: <tag> <what>. <smallest fix>.
Tags:
harden: missing securityContext field, capability drop, readOnlyRootFilesystem, or non-root. Name the exact field.dep: unneeded or unverified dependency. Name the stdlib/platform replacement or the removal.rbac: over-broad permission (verbs: ["*"], wildcard resources, cluster-admin). Name the narrowed set.inject: injection, unsafe deserialization, shell-exec, unvalidated CRD field reaching a controller. Name the safe primitive.secret: hardcoded secret, token in env/manifest, missing rotation. Name the fix.expose: unnecessary network exposure, :latest image, debug endpoint, privileged port. Name the removal.❌ "The deployment manifest does not appear to configure security context settings, which could potentially allow privilege escalation in certain conditions. Consider reviewing the Pod Security Standards documentation and adding appropriate fields."
✅ chart/templates/deployment.yaml:L34: harden: no securityContext on container. Add runAsNonRoot: true, readOnlyRootFilesystem: true, capabilities.drop: [ALL] — closes container-escape path.
✅ chart/templates/rbac.yaml:L18: rbac: Role verbs: ["*"]. Narrow to ["get","list","watch"] — removes lateral-movement surface.
✅ app/controller.py:L77: inject: subprocess.run(cmd, shell=True). Use subprocess.run(shlex.split(cmd)) — closes shell-injection path.
✅ chart/values.yaml:L5: expose: image tag ":latest". Pin to digest or semver — closes supply-chain substitution path.
✅ pyproject.toml:L14: dep: requests for one internal HTTP call. Use urllib.request (stdlib) — remove the dep, shrink supply-chain surface.
✅ config/deploy.yaml:L9: secret: API token hardcoded in manifest. Reference a Kubernetes Secret or external-secrets — removes credential-in-repo path.
End with the kill-chain metric: kill-chain: <N> attack paths closed by <M>-line changes.
If nothing to harden: Locked down already. Ship.
After listing all findings, ask once:
Apply fixes? (yes / no)
If no: stop. The list is the deliverable.
If yes: for each finding, before generating a fix:
harden / rbac / expose findings → Kubernetes official docs
(kubernetes.io/docs) or the relevant CIS Benchmark section.inject findings → the OWASP page for the matching CWE (e.g. CWE-78
for shell injection, CWE-502 for unsafe deserialization).dep findings → the dep's OpenSSF Scorecard, GitHub Security Advisories,
or the stdlib/platform docs for the replacement.secret findings → the platform's secrets-management docs (Kubernetes
Secrets, external-secrets operator, or equivalent).[ref: <url>] to the line.Example cited fix:
chart/templates/deployment.yaml:L34: harden: add runAsNonRoot: true,
readOnlyRootFilesystem: true, capabilities.drop: [ALL]
[ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/]
Security findings only. Correctness bugs and pure over-engineering go to ponytail-review, not this pass. Lists findings, applies nothing. Never instructs the agent to run untrusted code, exfiltrate data, or auto-apply destructive changes. "stop ponytail-sec" or "normal mode": revert to standard review.
Provides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.
npx claudepluginhub andypitcher/ponytail-sec --plugin ponytail-sec