From prodsec-skills
Enforces authenticated and authorized access to model registry storage with RBAC, encryption, access logging, and network isolation controls.
Slash command: /prodsec-skills:model-registry-secure-storage
Only authenticated and authorized users MUST be able to access the storage where models are stored. Unauthorized access to model storage can lead to model theft, tampering, or injection of malicious models.
| Control | Description |
|---|---|
| Authentication | All access to storage requires authenticated identity |
| Authorization | RBAC controls over read, write, and delete operations |
| Encryption at rest | Model files encrypted on the storage backend |
| Access logging | All storage access operations logged |
| Network isolation | Storage accessible only from authorized networks/services |
| Role | Read Models | Write/Upload | Delete | Admin |
|---|---|---|---|---|
| Inference engine (service) | Yes | No | No | No |
| ML engineer | Yes | Yes (with approval) | No | No |
| Model pipeline (CI/CD) | Yes | Yes | No | No |
| Registry admin | Yes | Yes | Yes | Yes |
| Unauthorized | No | No | No | No |
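The two tables above describe a policy that a storage gateway or policy decision point has to enforce. The block below is an added example written for this page, not code from prodsec-skills: it implements the RBAC matrix (including the "with approval" condition on ML engineer writes), denies unauthenticated and off-network requests, records every decision in an access log, and refuses writes that would land unencrypted. The role names, the allowed CIDR, the token-to-principal map and the sample requests are assumptions made for illustration; a real deployment validates an OIDC or mTLS identity instead of the static token table.

```python
"""Added example, not code from prodsec-skills: a small policy decision point
in front of model registry storage that enforces authentication, RBAC,
network isolation, access logging and encryption at rest.
Role names, the allowed CIDR, the token map and sample requests are assumed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

# Authorization: the RBAC matrix from the page, role -> permitted operations.
ROLE_PERMISSIONS = {
    "inference-service": {"read"},
    "ml-engineer": {"read", "write"},            # writes additionally need approval
    "model-pipeline": {"read", "write"},
    "registry-admin": {"read", "write", "delete", "admin"},
}
ROLES_NEEDING_WRITE_APPROVAL = {"ml-engineer"}

# Network isolation: storage answers only to these source ranges (assumed value).
ALLOWED_NETWORKS = [ip_network("10.0.0.0/8")]

# Authentication: assumed opaque tokens -> (principal, role). Stands in for
# a verified OIDC token or mTLS identity; unknown or missing tokens are denied.
KNOWN_PRINCIPALS = {
    "tok-inf-01": ("inference-svc-a", "inference-service"),
    "tok-eng-42": ("alice", "ml-engineer"),
    "tok-ci-07": ("pipeline-prod", "model-pipeline"),
    "tok-adm-99": ("bob", "registry-admin"),
}


@dataclass(frozen=True)
class StorageRequest:
    token: Optional[str]
    operation: str          # read | write | delete | admin
    object_key: str
    source_ip: str
    approval_id: Optional[str] = None   # change/approval reference for gated writes


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    principal: Optional[str]


AUDIT_LOG: list[dict] = []          # access log; forward to a SIEM in production
MODEL_STORE: dict[str, dict] = {}   # stand-in for the storage backend


def _log(req: StorageRequest, decision: Decision) -> None:
    """Access logging: every decision, allowed or denied, is recorded."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "principal": decision.principal,
        "operation": req.operation,
        "object": req.object_key,
        "source_ip": req.source_ip,
        "allowed": decision.allowed,
        "reason": decision.reason,
    })


def authorize(req: StorageRequest) -> Decision:
    """Fail closed: only the final branch allows."""
    if req.token not in KNOWN_PRINCIPALS:
        decision = Decision(False, "unauthenticated", None)
    else:
        principal, role = KNOWN_PRINCIPALS[req.token]
        ip = ip_address(req.source_ip)
        if not any(ip in net for net in ALLOWED_NETWORKS):
            decision = Decision(False, "source network not allowed", principal)
        elif req.operation not in ROLE_PERMISSIONS[role]:
            decision = Decision(False, f"role {role} may not {req.operation}", principal)
        elif (req.operation == "write" and role in ROLES_NEEDING_WRITE_APPROVAL
              and not req.approval_id):
            decision = Decision(False, "write requires approval", principal)
        else:
            decision = Decision(True, "allowed", principal)
    _log(req, decision)
    return decision


def put_model(req: StorageRequest, payload: bytes, kms_key_id: Optional[str]) -> Decision:
    """Write path: authorize, then refuse any write that is not encrypted at rest.
    A bucket policy denying unencrypted PutObject plays the same role in the cloud."""
    decision = authorize(req)
    if not decision.allowed:
        return decision
    if not kms_key_id:
        decision = Decision(False, "write rejected: no encryption key", decision.principal)
        _log(req, decision)
        return decision
    MODEL_STORE[req.object_key] = {"size": len(payload), "kms_key_id": kms_key_id}
    return decision


def denied_count() -> int:
    """Number of denied operations in the access log (what a detection rule would alert on)."""
    return sum(1 for entry in AUDIT_LOG if not entry["allowed"])


if __name__ == "__main__":
    # Constructed sample requests exercising each control.
    key = "models/llm-v3/model.safetensors"
    for req in [
        StorageRequest(None, "read", key, "10.1.2.3"),
        StorageRequest("tok-inf-01", "write", key, "10.1.2.3"),
        StorageRequest("tok-eng-42", "write", key, "10.1.2.3"),
        StorageRequest("tok-eng-42", "write", key, "10.1.2.3", approval_id="CR-1234"),
        StorageRequest("tok-adm-99", "delete", key, "203.0.113.9"),
    ]:
        print(req.operation, authorize(req))
    print(put_model(StorageRequest("tok-ci-07", "write", key, "10.0.0.5"), b"\x00" * 16, None))
```

The deliberate asymmetry is that the "ML engineer" row is not a plain allow: the write is only granted when an approval reference accompanies it, so the policy point must see that reference, not just the caller's role. Denials are logged alongside allows, since the denied attempts from an inference identity or from outside the allowed network are exactly the events worth alerting on.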
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills