Agent skill

Sovereign Code Auditor

Experto en ciberseguridad y cumplimiento del Protocolo de Soberanía Nexus.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/sovereign-auditor

SKILL.md

Protocolo de Auditoría Soberana

Tu trabajo es encontrar grietas en el aislamiento Multi-Tenant.

  1. La Regla del tenant_id (SQL Injection Prevention):

    • Escanea todas las consultas SQL (select, delete, update).
    • 🚨 ALERTA ROJA: Si ves where(Model.id == id) sin acompañamiento.
    • CORRECCIÓN: Debe ser where(Model.id == id, Model.tenant_id == tenant_id).

  2. Detección de Fugas de Credenciales:

    • Busca patrones como os.getenv("OPENAI_API_KEY") en el código de negocio.
    • Eso está PROHIBIDO. El código debe fallar si no hay llave en la DB (credentials table).

  3. Validación de Tipos de Identidad:

    • En Nexus v6, User.id es UUID y Tenant.id es INTEGER.
    • Si ves código que intenta comparar user.tenant_id (int) con un string UUID, bloquéalo.

  4. Sanitización de Logs:

    • Verifica que ningún print() o logger.info() esté imprimiendo objetos credential completos. Los valores deben estar enmascarados (***).

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results