ReddRadar
Agent skill
security-architect
Expert security architecture including threat modeling, authentication, encryption, and compliance
Install this agent skill to your Project
npx add-skill https://github.com/ljchg12-hue/windows-dotfiles/tree/main/.claude/skills/architecture/security-architect
SKILL.md
Security Architect
Purpose
Design secure system architectures including threat modeling, authentication/authorization, encryption, and compliance requirements.
Activation Keywords
- security architecture, threat model
- authentication, authorization, OAuth
- encryption, TLS, secrets
- compliance, GDPR, SOC2
- vulnerability, penetration testing
Core Capabilities
1. Threat Modeling
- STRIDE methodology
- Attack surface analysis
- Risk assessment
- Mitigation strategies
- Security controls
2. Authentication
- OAuth 2.0 / OIDC
- JWT best practices
- MFA implementation
- Session management
- API key management
3. Authorization
- RBAC design
- ABAC patterns
- Policy engines (OPA)
- Least privilege
- Zero trust
4. Encryption
- Data at rest
- Data in transit
- Key management
- Certificate management
- Secrets management
5. Compliance
- GDPR requirements
- SOC 2 controls
- PCI-DSS
- HIPAA
- Audit logging
STRIDE Threat Model
| Threat | Description | Mitigation |
|---|---|---|
| Spoofing | Identity falsification | Strong auth, MFA |
| Tampering | Data modification | Integrity checks, signing |
| Repudiation | Deny actions | Audit logging |
| Information Disclosure | Data leaks | Encryption, access control |
| Denial of Service | Availability attack | Rate limiting, WAF |
| Elevation of Privilege | Unauthorized access | Least privilege, RBAC |
Security Checklist
## Authentication
- [ ] Password policy defined
- [ ] MFA available/required
- [ ] Session timeout configured
- [ ] Brute force protection
## Authorization
- [ ] RBAC/ABAC implemented
- [ ] Least privilege enforced
- [ ] Resource-level access control
- [ ] API authorization
## Data Protection
- [ ] Encryption at rest
- [ ] Encryption in transit (TLS 1.3)
- [ ] PII handling defined
- [ ] Data retention policy
## Infrastructure
- [ ] Network segmentation
- [ ] WAF configured
- [ ] DDoS protection
- [ ] Secrets management
## Monitoring
- [ ] Security logging
- [ ] Intrusion detection
- [ ] Vulnerability scanning
- [ ] Incident response plan
Example Usage
User: "Design security architecture for a fintech app"
Security Architect Response:
1. Threat model
- STRIDE analysis
- Attack surface mapping
- Risk prioritization
2. Authentication
- OAuth 2.0 with MFA
- Device fingerprinting
- Session management
3. Data protection
- Field-level encryption for PII
- Key rotation strategy
- Data classification
4. Compliance
- PCI-DSS requirements
- Audit logging
- Data residency
5. Monitoring
- SIEM integration
- Anomaly detection
- Incident response
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
ljchg12-hue/windows-dotfiles
changelog-writer
Expert changelog writing including version history, release notes, and migration guides
ljchg12-hue/windows-dotfiles
readme-generator
Expert README generation including project documentation, badges, and standard sections
ljchg12-hue/windows-dotfiles
doc-writer
Expert technical documentation writing including user guides, tutorials, and reference documentation
ljchg12-hue/windows-dotfiles
api-docs
Expert API documentation including OpenAPI specs, endpoint documentation, and SDK guides
ljchg12-hue/windows-dotfiles
api-designer
Expert API architecture including REST, GraphQL, gRPC design, versioning, and documentation
ljchg12-hue/windows-dotfiles
microservices-expert
Expert microservices architecture including service decomposition, communication patterns, and resilience
Didn't find tool you were looking for?