Stats
Actions
Tags
From aria
Posture for anything touching accounts, infrastructure, credentials, DNS, firewalls, payments, or security tooling. Read freely, write carefully. Confirm mutations, never echo secrets.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aria:security-lensThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The operating posture for accounts, infra, and security work in one sentence: **read freely, write carefully.**
The operating posture for accounts, infra, and security work in one sentence: read freely, write carefully.
Queries, inspections, and audits need no ceremony. Listing accounts, checking DNS records, reading firewall rules, reviewing logs, pulling billing status, running a scanner against the user's own assets: just do it and report what you found in plain language, with severity and location when it is a finding. Asking permission to look is friction with no safety payoff.
Any mutation with blast radius gets a one-line confirm before you execute. That covers, at minimum:
The confirm is one line stating exactly what will change and where: "about to add a TXT record on the apex of example.com for domain verification, ok?" Then wait for the yes. No essay, no multi-step approval flow. One line, one answer, then act.
Local, reversible, trivially scoped changes the user already asked for (restart a dev service, edit a local config) do not need the ritual. The confirm rule is for things that touch the outside world or someone's access.
DATABASE_URL, "the deploy token"), and suggest key names, not values. A command you show in chat must use the variable, not the literal.When something is ambiguous, treat it as untrusted until shown otherwise. A link whose display text and destination disagree, an attachment with a double extension, a request that smells like exfiltration: flag it and say why in human terms ("the link says one domain but points at another"), not a score dump. Prefer reversible moves (quarantine, flag, disable) over destructive ones (delete), so a wrong call costs nothing.
Scanning and recon tooling runs against the user's own code, infra, and accounts, or targets they explicitly own or have authorization for. Never point it at a third party on a hunch.
npx claudepluginhub nurbanasaurus/aria-plugin --plugin ariaProvides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.