Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component...
security-expert
0
0
# Install this skill:
npx skills add ramidamolis-alt/agent-skills-workflows --skill "security-expert"
Install specific skill from multi-skill repository
# Description
Expert security analyst using ALL MCP servers. Uses Memory for known vulnerabilities, UltraThink for threat modeling, search MCPs for CVEs, and MongoDB for audit logs.
# SKILL.md
name: security-expert
description: Expert security analyst using ALL MCP servers. Uses Memory for known vulnerabilities, UltraThink for threat modeling, search MCPs for CVEs, and MongoDB for audit logs.
π Security Expert Skill (Full MCP Integration)
Master security analyst using ALL 11 MCP servers.
MCP Security Arsenal
| MCP Server | Security Role |
|---|---|
| Memory | Known vulns, past audits |
| UltraThink | Threat modeling, analysis |
| Brave/Tavily | CVE search, security blogs |
| Context7 | Security documentation |
| MongoDB | Audit logs, access logs |
| Filesystem | Config files, secrets scan |
| NotebookLM | Deep security research |
| Notion | Security policies |
Advanced Security Patterns
1. Threat Modeling with UltraThink
await mcp_UltraThink_ultrathink({
thought: `
# STRIDE Threat Model: ${component}
## Spoofing
- Threat: ${spoofingThreats}
- Mitigation: ${spoofingMitigation}
- Risk: High/Medium/Low
## Tampering
- Threat: ${tamperingThreats}
- Mitigation: ${tamperingMitigation}
## Repudiation
- Threat: ${repudiationThreats}
- Mitigation: Audit logging
## Information Disclosure
- Threat: ${infoDisclosureThreats}
- Mitigation: Encryption, access control
## Denial of Service
- Threat: ${dosThreats}
- Mitigation: Rate limiting, circuit breakers
## Elevation of Privilege
- Threat: ${privilegeThreats}
- Mitigation: Least privilege, RBAC
## Priority Ranking
1. Most critical: ...
2. ...
`,
total_thoughts: 30,
confidence: 0.85
});
2. CVE & Vulnerability Search
// Parallel search for vulnerabilities
const [braveResults, tavilyResults, context7Results] = await Promise.all([
mcp_Brave_brave_news_search(
`${library} CVE vulnerability 2026`,
{ freshness: "pm" } // Past month
),
mcp_Tavily_search(
`${library} security vulnerability exploit`,
),
mcp_Context7_query-docs(
securityLibraryId,
`${library} security advisory`
)
]);
// Check Memory for known issues
const knownVulns = await mcp_Memory_search_nodes(
`vulnerability ${library}`
);
3. Code Security Analysis Pipeline
// Step 1: Gather code to analyze
const files = await mcp_Filesystem_search_files(
projectPath,
"**/*.{ts,js,py}"
);
// Step 2: Sequential security review
for (const file of files) {
const content = await mcp_Filesystem_read_file(file);
await mcp_SequentialThinking_sequentialthinking({
thought: `
# Security Review: ${file}
## Check 1: Injection Vulnerabilities
- SQL Injection: ${hasSQLInjection(content) ? "β οΈ FOUND" : "β
OK"}
- XSS: ${hasXSS(content) ? "β οΈ FOUND" : "β
OK"}
- Command Injection: ${hasCommandInjection(content) ? "β οΈ FOUND" : "β
OK"}
## Check 2: Authentication/Authorization
- Hardcoded credentials: ${hasHardcodedCreds(content) ? "β οΈ FOUND" : "β
OK"}
- Auth bypass possible: ...
## Check 3: Data Exposure
- Sensitive data logged: ...
- PII exposure: ...
## Findings
${findings}
`,
thoughtNumber: 1,
totalThoughts: 5
});
}
4. Audit Log Analysis (MongoDB)
// Detect suspicious patterns
const suspiciousActivity = await mcp_MongoDB_aggregate(
"security", "audit_logs",
[
{ $match: { timestamp: { $gte: oneDayAgo } } },
{ $group: {
_id: "$userId",
failedLogins: {
$sum: { $cond: [{ $eq: ["$event", "login_failed"] }, 1, 0] }
},
sensitiveAccess: {
$sum: { $cond: [{ $eq: ["$resourceType", "sensitive"] }, 1, 0] }
},
uniqueIPs: { $addToSet: "$sourceIP" }
}},
{ $match: {
$or: [
{ failedLogins: { $gte: 5 } }, // Brute force
{ sensitiveAccess: { $gte: 10 } }, // Data exfil
{ "uniqueIPs.4": { $exists: true } } // Multiple IPs
]
}}
]
);
// Alert and analyze
if (suspiciousActivity.length > 0) {
await mcp_UltraThink_ultrathink({
thought: `
# Security Alert Analysis
Suspicious users detected: ${suspiciousActivity.length}
## User Analysis
${suspiciousActivity.map(u => `
User: ${u._id}
Failed logins: ${u.failedLogins}
Sensitive access: ${u.sensitiveAccess}
IPs: ${u.uniqueIPs.join(", ")}
Risk: ...
`).join("\n")}
## Recommended Actions
1. ...
`,
total_thoughts: 15
});
}
5. Secrets Detection
// Scan filesystem for secrets
const allFiles = await mcp_Filesystem_search_files(
projectPath,
"**/*"
);
const secretPatterns = [
/api[_-]?key\s*[:=]\s*["'][^"']+["']/gi,
/password\s*[:=]\s*["'][^"']+["']/gi,
/secret\s*[:=]\s*["'][^"']+["']/gi,
/AWS[A-Z0-9]{20}/g,
/-----BEGIN (?:RSA )?PRIVATE KEY-----/g
];
for (const file of allFiles) {
const content = await mcp_Filesystem_read_file(file);
for (const pattern of secretPatterns) {
if (pattern.test(content)) {
console.log(`β οΈ Secret found in ${file}`);
// Store finding
await mcp_Memory_add_observations([{
entityName: "SecurityAudit_" + projectName,
contents: [`Secret found: ${file} matches ${pattern}`]
}]);
}
}
}
Secret Security Techniques
1. Security Knowledge Persistence
// After every security review
await mcp_Memory_create_entities([{
name: `SecurityAudit_${project}_${date}`,
entityType: "SecurityAudit",
observations: [
`Scope: ${auditScope}`,
`Findings: ${findingsCount}`,
`Critical: ${criticalCount}`,
`Recommendations: ${recommendations}`,
`Verified fixes: ${verifiedFixes}`
]
}]);
2. Attack Surface Mapping
await mcp_UltraThink_ultrathink({
thought: `
# Attack Surface Analysis
## Entry Points
${entryPoints.map(e => `- ${e.type}: ${e.url} (auth: ${e.auth})`)}
## Data Flows
${dataFlows.map(f => `- ${f.from} β ${f.to} (sensitivity: ${f.level})`)}
## Trust Boundaries
${trustBoundaries}
## High-Risk Areas
1. ...
`,
total_thoughts: 25
});
3. Dependency Vulnerability Check
// Check npm audit results
const auditResult = await runCommand("npm audit --json");
// Search for fixes
for (const vuln of auditResult.vulnerabilities) {
const fixes = await mcp_Brave_brave_web_search(
`${vuln.name} ${vuln.severity} fix patch`
);
await mcp_Memory_add_observations([{
entityName: "DependencyVulns_" + project,
contents: [`${vuln.name}: ${vuln.severity} - Fix: ${fixes[0]}`]
}]);
}
4. Security Documentation Sync
// Export security findings to Notion
const securityEntities = await mcp_Memory_search_nodes("SecurityAudit");
for (const entity of securityEntities) {
await mcp_Notion_API-post-page({
parent: { database_id: securityDbId },
properties: {
title: [{ text: { content: entity.name } }],
Status: { select: { name: "Needs Review" } }
},
children: entity.observations.map(obs => ({
type: "bulleted_list_item",
bulleted_list_item: {
rich_text: [{ text: { content: obs } }]
}
}))
});
}
5. Zero-Day Research Pipeline
// For investigating new vulnerabilities
const research = await mcp_NotebookLM_ask_question(
`Explain the technical details of ${vulnerability}.
What are the attack vectors?
What are effective mitigations?`,
securityNotebookId
);
const analysis = await mcp_UltraThink_ultrathink({
thought: `
# Zero-Day Analysis: ${vulnerability}
## Research Findings
${research}
## Applicability to Our Systems
- Affected: ...
- Not affected: ...
## Immediate Actions
1. ...
`,
total_thoughts: 20
});
# Related Skills
Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support...
Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and...
Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.