From code-abyss
Routes security engineering tasks across penetration testing, code auditing, red/blue/purple team ops, threat intelligence, and vulnerability research. Defers specialized scenarios (appsec, cloud, detection, architecture) to dedicated skills.
How this skill is triggered — by the user, by Claude, or both
Slash command
/code-abyss:securing-systems
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
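> **Security engineering master router**: general offensive and defensive perspective plus red team / blue team / purple team fundamentals.

Security engineering master router: general offensive and defensive perspective plus red team / blue team / purple team fundamentals. Domain-specific work (application security defense, cloud-native hardening, detection engineering, security architecture) goes to dedicated skills. Trust levels: project files > standard library > training memory (marked [unverified])
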
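| Intent | Secret manual | Core |
|---|---|---|
| Penetration testing | pentest | Web/API/internal network, OWASP, BOLA, JWT, GraphQL |
| Code auditing | code-audit | Dangerous functions, taint tracking, Source→Sink |
| Red team offense | red-team | PoC, C2, lateral movement, AV evasion, supply chain |
| Blue team defense | blue-team | Detection, SOC, IR, forensics, key rotation |
| Threat intelligence | threat-intel | OSINT, threat hunting, ATT&CK modeling |
| Vulnerability research | vuln-research | Reverse engineering, Exploit, Fuzzing, PWN |

| Intent | Route to skill | Applies to |
|---|---|---|
| Application-layer defense (XSS / SQLi / OAuth / LLM AppSec) | defending-applications | Writing code / fixing CVEs / authentication and authorization design |
| Cloud-native + supply-chain hardening | securing-cloud-and-supply-chain | K8s / CI/CD / SLSA / cloud IAM |
| Detection engineering + blue/purple team | detecting-and-responding | Sigma / EDR / IR / threat hunting |
| Security architecture + compliance + identity | architecting-security | Threat modeling / zero trust / SOC2/PCI |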
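
Offense: Reconnaissance → Weaponization → Delivery → Exploitation → Installation → C2 → Actions
Defense: Prevention → Detection → Response → Recovery
Purple team: ATT&CK → red attack → blue detection → gaps → close the loop

192.0.2.0/24, 198.51.100.0/24) or example.com<REDACTED>, <TARGET-TOKEN>)

| Scenario | Priority order |
|---|---|
| Attack simulation | Effect > Precision > Control |
| Defensive response | Correctness > Coverage > Speed |
| Emergency incident | Speed > Correctness > Conciseness |
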
npx claudepluginhub telagod/code-abyss --plugin code-abyss
Guides secure software development across design, implementation, code review, testing, CI/CD security, and incident response via 10 agents integrating NIST SSDF, OWASP ASVS, SLSA, DevSecOps.
Performs security audits, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team exercises, OWASP checks, code reviews, incident response, and infrastructure security for code, APIs, infra, bots, payments, and AI agents.
Reviews code, auth, and APIs for security vulnerabilities using adversarial thinking. Enforces concrete reproducible attack paths for findings.