@intentsolutionsio/security-agent 1.0.0

package/.claude-plugin/plugin.json

@@ -0,0 +1,16 @@
+{
+  "name": "security-agent",
+  "version": "1.0.0",
+  "description": "Specialized security review subagent",
+  "author": {
+    "name": "Jeremy Longshore"
+  },
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "agent",
+    "code-review",
+    "vulnerability",
+    "agent-skills"
+  ]
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024-2026 Jeremy Longshore & Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,57 @@
+# Security Agent Plugin
+
+A specialized security review subagent for identifying vulnerabilities and providing security guidance.
+
+## Installation
+
+```bash
+/plugin install security-agent@claude-code-plugins-plus
+```
+
+## Usage
+
+The security reviewer agent will automatically activate when you:
+- Ask Claude to review code for security issues
+- Request a security audit
+- Mention security concerns in your prompt
+
+**Manual invocation**:
+```
+@security-reviewer Please review this authentication code for security vulnerabilities
+```
+
+## What It Reviews
+
+- SQL injection vulnerabilities
+- Cross-site scripting (XSS)
+- Authentication/authorization flaws
+- Input validation issues
+- Cryptographic weaknesses
+- Dependency vulnerabilities
+- Secure coding practices
+
+## Output
+
+Provides structured security findings with:
+- Severity ratings
+- Specific code locations
+- Impact assessment
+- Remediation guidance
+- Secure code examples
+
+## Learning Objectives
+
+This plugin demonstrates:
+- Creating specialized subagents
+- Defining agent capabilities
+- Writing agent prompts
+- Agent activation patterns
+
+## Files
+
+- `.claude-plugin/plugin.json` - Plugin manifest
+- `agents/security-reviewer.md` - Agent definition
+
+## License
+
+MIT

package/agents/security-reviewer.md

@@ -0,0 +1,64 @@
+---
+name: security-reviewer
+description: Security code review specialist
+---
+# Security Reviewer Agent
+
+You are a specialized security code review agent with deep expertise in application security, vulnerability detection, and secure coding practices.
+
+## Your Capabilities
+
+- **Vulnerability Detection**: Identify security vulnerabilities including SQL injection, XSS, CSRF, authentication flaws, and authorization issues
+- **Security Analysis**: Analyze code for security weaknesses, insecure dependencies, and configuration issues
+- **Compliance Checking**: Verify code meets security standards (OWASP Top 10, CWE, etc.)
+- **Remediation Guidance**: Provide specific, actionable recommendations for fixing security issues
+
+## When to Activate
+
+You should be invoked when:
+- Reviewing code for security issues
+- Conducting security audits
+- Analyzing authentication/authorization logic
+- Reviewing input validation and sanitization
+- Examining cryptographic implementations
+- Assessing API security
+
+## Review Process
+
+1. **Scan for Common Vulnerabilities**:
+   - SQL injection points
+   - Cross-site scripting (XSS) opportunities
+   - CSRF vulnerabilities
+   - Authentication/authorization flaws
+   - Insecure deserialization
+   - Sensitive data exposure
+
+2. **Check Secure Coding Practices**:
+   - Input validation and sanitization
+   - Output encoding
+   - Parameterized queries
+   - Secure session management
+   - Proper error handling (no info leakage)
+
+3. **Review Dependencies**:
+   - Known vulnerable packages
+   - Outdated dependencies
+   - License compliance
+
+4. **Provide Recommendations**:
+   - Severity rating (Critical/High/Medium/Low)
+   - Specific code locations
+   - Remediation steps
+   - Example secure code
+
+## Output Format
+
+For each finding, provide:
+- **Severity**: Critical/High/Medium/Low
+- **Issue**: Description of the vulnerability
+- **Location**: File and line numbers
+- **Impact**: Potential consequences
+- **Recommendation**: How to fix it
+- **Example**: Secure code snippet
+
+Always prioritize findings by severity and focus on exploitable vulnerabilities first.

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@intentsolutionsio/security-agent",
+  "version": "1.0.0",
+  "description": "Specialized security review subagent",
+  "keywords": [
+    "security",
+    "agent",
+    "code-review",
+    "vulnerability",
+    "agent-skills",
+    "claude-code",
+    "claude-plugin",
+    "tonsofskills"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jeremylongshore/claude-code-plugins-plus-skills.git",
+    "directory": "plugins/examples/security-agent"
+  },
+  "homepage": "https://tonsofskills.com/plugins/security-agent",
+  "bugs": "https://github.com/jeremylongshore/claude-code-plugins-plus-skills/issues",
+  "license": "MIT",
+  "author": {
+    "name": "Jeremy Longshore"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "README.md",
+    ".claude-plugin",
+    "skills",
+    "agents"
+  ],
+  "scripts": {
+    "postinstall": "node -e \"console.log(\\\"\\\\n→ This npm package is a tracking/proof artifact. Install the plugin via:\\\\n  ccpi install security-agent\\\\n  or /plugin install security-agent@claude-code-plugins-plus in Claude Code\\\\n\\\")\""
+  }
+}

package/skills/performing-security-code-review/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: performing-security-code-review
+description: |
+  Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash(cmd:*)
+version: 1.0.0
+author: Jeremy Longshore <jeremy@intentsolutions.io>
+license: MIT
+compatible-with: claude-code, codex, openclaw
+tags: [example, security, authentication, audit]
+---
+# Performing Security Code Review
+
+## Overview
+
+Conducts security-focused code reviews by scanning source files for common vulnerability patterns including SQL injection, XSS, authentication flaws, insecure dependencies, and secret exposure. Produces structured severity-rated reports with specific remediation guidance.
+
+## Prerequisites
+
+- Read access to all source files in the target project
+- `grep` available on PATH for pattern matching
+- Access to `package.json` or equivalent dependency manifest for dependency auditing
+- Familiarity with OWASP Top 10 vulnerability categories
+
+## Instructions
+
+1. Identify the scope of the review: specific files, directories, or the entire codebase. Confirm the primary language(s) and framework(s) in use.
+2. Scan for hardcoded secrets and credentials:
+   - Search for patterns matching API keys, tokens, passwords, AWS access keys (`AKIA...`), and private key headers (`BEGIN PRIVATE KEY`).
+   - Flag any `.env` files or configuration files containing plaintext secrets.
+3. Analyze code for injection vulnerabilities:
+   - Identify raw SQL string concatenation (SQL injection risk).
+   - Locate unsanitized user input rendered in HTML (XSS risk).
+   - Check for `eval()`, `exec()`, or `Function()` calls with dynamic input (code injection risk).
+4. Review authentication and authorization logic:
+   - Verify password hashing uses strong algorithms (bcrypt, argon2) rather than MD5/SHA1.
+   - Check for missing authentication on sensitive endpoints.
+   - Identify overly permissive CORS configurations.
+5. Audit dependencies for known vulnerabilities:
+   - Run `npm audit` or equivalent package manager audit command.
+   - Cross-reference dependency versions against known CVE databases.
+6. Check for insecure communication patterns:
+   - Flag HTTP URLs where HTTPS is expected.
+   - Identify disabled TLS certificate verification.
+7. Compile findings into a structured report sorted by severity (Critical, High, Medium, Low), including the vulnerable code location, explanation, and remediation steps.
+
+## Output
+
+A structured security review report containing:
+- Summary with total findings count by severity level
+- Per-finding entries with: file path, line number, vulnerability type, severity, code snippet, explanation, and recommended fix
+- Dependency audit results with CVE identifiers where applicable
+- Overall risk assessment (Critical / High / Medium / Low / Clean)
+
+## Error Handling
+
+| Error | Cause | Solution |
+|---|---|---|
+| No source files found | Incorrect scope path or empty directory | Verify the target directory path and confirm it contains source files |
+| Binary files in scan | Non-text files matched by search patterns | Exclude binary extensions and `node_modules/` from scans |
+| Dependency manifest missing | No `package.json`, `requirements.txt`, or equivalent | Skip dependency audit; note in report that dependency analysis was not possible |
+| Permission denied on files | Restricted file access | Request read permissions or narrow the review scope to accessible files |
+| False positive on secret pattern | Benign string matching secret regex | Verify context before reporting; mark as potential false positive if the match appears in test fixtures or documentation |
+
+## Examples
+
+**SQL injection review:**
+Trigger: "Review this database query code for SQL injection vulnerabilities."
+Process: Scan all files containing SQL query construction. Identify string concatenation with user input (`"SELECT * FROM users WHERE id = " + userId`). Report as High severity with remediation: use parameterized queries or prepared statements.
+
+**Dependency vulnerability scan:**
+Trigger: "Check this project's dependencies for known security vulnerabilities."
+Process: Run `npm audit` on the project. Parse output for vulnerabilities. Report each finding with CVE identifier, affected package, installed version, and patched version. Recommend `npm audit fix` or manual version pinning.
+
+**Full codebase security audit:**
+Trigger: "Run a security scan on this codebase."
+Process: Execute all seven scan categories (secrets, injection, auth, dependencies, communication, dangerous commands, obfuscation). Produce a comprehensive report with findings grouped by category and sorted by severity.
+
+## Resources
+
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/) -- industry-standard vulnerability classification
+- [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/) -- Node-specific security guidance
+- [CWE/SANS Top 25](https://cwe.mitre.org/top25/) -- most dangerous software weaknesses
+- `${CLAUDE_SKILL_DIR}/references/README.md` -- bundled reference materials

package/skills/performing-security-code-review/assets/README.md

@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for security-agent skill
+
+- [ ] report_template.md: A Markdown template for generating security review reports with placeholders for findings, severity ratings, and remediation advice.
+- [ ] example_code_vulnerable.py: Example code snippets demonstrating common vulnerabilities.
+- [ ] example_code_secure.py: Corresponding secure code snippets demonstrating how to remediate the vulnerabilities.

package/skills/performing-security-code-review/assets/example_code_secure.py

@@ -0,0 +1,225 @@
+#!/usr/bin/env python3
+
+"""
+Example secure code snippets demonstrating how to remediate common vulnerabilities.
+
+This module provides examples of secure coding practices to address various security concerns.
+It includes functions demonstrating secure authentication, input validation, and more.
+"""
+
+import hashlib
+import hmac
+import os
+import secrets
+import re
+
+def secure_password_hashing(password: str, salt: bytes = None) -> tuple[str, str]:
+    """
+    Hashes a password using a strong hashing algorithm (e.g., bcrypt or scrypt).
+
+    Args:
+        password: The password to hash.
+        salt: Optional salt to use. If None, a new salt is generated.
+
+    Returns:
+        A tuple containing the salt (as a hex string) and the hash (as a hex string).
+    """
+    try:
+        if salt is None:
+            salt = secrets.token_bytes(16)  # Generate a 16-byte salt
+        
+        hashed_password = hashlib.scrypt(
+            password.encode('utf-8'),
+            salt=salt,
+            n=2**14,  # CPU/memory cost parameter
+            r=8,      # Block size parameter
+            p=1,      # Parallelization parameter
+            dklen=64   # Desired key length
+        )
+        
+        return salt.hex(), hashed_password.hex()
+    except Exception as e:
+        print(f"Error in secure_password_hashing: {e}")
+        return None, None
+
+
+def verify_password(password: str, salt_hex: str, hash_hex: str) -> bool:
+    """
+    Verifies a password against a stored hash and salt.
+
+    Args:
+        password: The password to verify.
+        salt_hex: The salt used to hash the password (as a hex string).
+        hash_hex: The stored hash of the password (as a hex string).
+
+    Returns:
+        True if the password matches the stored hash, False otherwise.
+    """
+    try:
+        salt = bytes.fromhex(salt_hex)
+        stored_hash = bytes.fromhex(hash_hex)
+        
+        hashed_password = hashlib.scrypt(
+            password.encode('utf-8'),
+            salt=salt,
+            n=2**14,  # CPU/memory cost parameter
+            r=8,      # Block size parameter
+            p=1,      # Parallelization parameter
+            dklen=64   # Desired key length
+        )
+
+        return hmac.compare_digest(hashed_password, stored_hash)
+    except ValueError as ve:
+        print(f"ValueError in verify_password (likely invalid hex): {ve}")
+        return False
+    except Exception as e:
+        print(f"Error in verify_password: {e}")
+        return False
+
+
+def sanitize_input(input_string: str) -> str:
+    """
+    Sanitizes user input to prevent common injection vulnerabilities.
+
+    This function removes or escapes characters that could be used in SQL injection,
+    cross-site scripting (XSS), or other injection attacks.
+
+    Args:
+        input_string: The string to sanitize.
+
+    Returns:
+        The sanitized string.
+    """
+    try:
+        # Example: Escape HTML entities
+        sanitized_string = input_string.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;")
+
+        # Example: Remove potentially dangerous characters (e.g., for SQL injection)
+        sanitized_string = re.sub(r"[;'\"]", "", sanitized_string)
+
+        return sanitized_string
+    except Exception as e:
+        print(f"Error in sanitize_input: {e}")
+        return ""
+
+
+def validate_email(email: str) -> bool:
+    """
+    Validates an email address using a regular expression.
+
+    Args:
+        email: The email address to validate.
+
+    Returns:
+        True if the email address is valid, False otherwise.
+    """
+    try:
+        # A more robust email regex can be used
+        email_regex = r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"
+        return re.match(email_regex, email) is not None
+    except Exception as e:
+        print(f"Error in validate_email: {e}")
+        return False
+
+
+def secure_file_upload(filename: str, file_content: bytes, upload_dir: str) -> str:
+    """
+    Handles secure file uploads, preventing common vulnerabilities like path traversal.
+
+    Args:
+        filename: The original filename of the uploaded file.
+        file_content: The content of the uploaded file as bytes.
+        upload_dir: The directory to store the uploaded files.
+
+    Returns:
+        The path to the saved file, or None on error.
+    """
+    try:
+        # Sanitize filename to prevent path traversal attacks
+        sanitized_filename = os.path.basename(filename)  # Remove directory components
+        sanitized_filename = re.sub(r"[^a-zA-Z0-9._-]", "", sanitized_filename) # Remove invalid characters
+
+        if not sanitized_filename:
+            print("Invalid filename.")
+            return None
+
+        filepath = os.path.join(upload_dir, sanitized_filename)
+
+        # Ensure the upload directory exists
+        os.makedirs(upload_dir, exist_ok=True)
+
+        # Write the file content
+        with open(filepath, "wb") as f:
+            f.write(file_content)
+
+        return filepath
+    except OSError as ose:
+        print(f"OSError in secure_file_upload: {ose}")
+        return None
+    except Exception as e:
+        print(f"Error in secure_file_upload: {e}")
+        return None
+
+def generate_secure_random_token(length: int = 32) -> str:
+    """
+    Generates a cryptographically secure random token.
+
+    Args:
+        length: The length of the token in bytes.
+
+    Returns:
+        A hex-encoded string representing the random token.
+    """
+    try:
+        return secrets.token_hex(length)
+    except Exception as e:
+        print(f"Error in generate_secure_random_token: {e}")
+        return None
+
+if __name__ == "__main__":
+    # Example usage
+    password = "my_secret_password"
+
+    # Secure password hashing
+    salt, password_hash = secure_password_hashing(password)
+    if salt and password_hash:
+        print(f"Salt: {salt}")
+        print(f"Password Hash: {password_hash}")
+
+        # Verify password
+        is_valid = verify_password(password, salt, password_hash)
+        print(f"Password is valid: {is_valid}")
+
+        is_invalid = verify_password("wrong_password", salt, password_hash)
+        print(f"Wrong password is valid: {is_invalid}")
+    else:
+        print("Password hashing failed.")
+
+    # Input sanitization
+    user_input = "<script>alert('XSS');</script>"
+    sanitized_input = sanitize_input(user_input)
+    print(f"Original input: {user_input}")
+    print(f"Sanitized input: {sanitized_input}")
+
+    # Email validation
+    email = "test@example.com"
+    is_valid_email = validate_email(email)
+    print(f"Email '{email}' is valid: {is_valid_email}")
+
+    invalid_email = "invalid-email"
+    is_valid_invalid_email = validate_email(invalid_email)
+    print(f"Email '{invalid_email}' is valid: {is_valid_invalid_email}")
+
+    # Secure file upload (example)
+    filename = "important.txt"
+    file_content = b"This is some sensitive data."
+    upload_dir = "uploads"
+    filepath = secure_file_upload(filename, file_content, upload_dir)
+    if filepath:
+        print(f"File uploaded to: {filepath}")
+    else:
+        print("File upload failed.")
+
+    # Generate secure random token
+    token = generate_secure_random_token()
+    print(f"Secure random token: {token}")

package/skills/performing-security-code-review/assets/example_code_vulnerable.py

@@ -0,0 +1,192 @@
+#!/usr/bin/env python3
+
+"""
+Example code snippets demonstrating common vulnerabilities.
+
+This module provides examples of vulnerable code that can be used for
+security testing and education. It includes examples of:
+
+- SQL Injection
+- Cross-Site Scripting (XSS)
+- Path Traversal
+- Command Injection
+- Buffer Overflow (simulated in Python)
+- Insecure Deserialization
+"""
+
+import os
+import subprocess
+import pickle
+import base64
+import sys
+
+def sql_injection_example(user_input):
+    """
+    Demonstrates a simple SQL injection vulnerability.
+
+    Args:
+        user_input (str):  A string that could be malicious.
+
+    Returns:
+        str: A dummy SQL query string.
+    """
+    try:
+        query = "SELECT * FROM users WHERE username = '" + user_input + "'"
+        # In a real application, this query would be executed against a database.
+        print(f"Generated query: {query}")  # For demonstration purposes only
+        return query
+    except Exception as e:
+        print(f"Error in sql_injection_example: {e}")
+        return None
+
+
+def xss_example(user_input):
+    """
+    Demonstrates a simple XSS vulnerability.
+
+    Args:
+        user_input (str): A string that could contain malicious JavaScript.
+
+    Returns:
+        str: The potentially vulnerable HTML output.
+    """
+    try:
+        output = "<h1>Welcome, " + user_input + "!</h1>"
+        # In a real application, this output would be rendered in a web page.
+        print(f"Generated HTML: {output}") # For demonstration purposes only
+        return output
+    except Exception as e:
+        print(f"Error in xss_example: {e}")
+        return None
+
+
+def path_traversal_example(filename):
+    """
+    Demonstrates a path traversal vulnerability.
+
+    Args:
+        filename (str): A filename provided by the user.
+
+    Returns:
+        str: The contents of the file (if accessible).  Returns None on error.
+    """
+    try:
+        # Vulnerable to path traversal: user can use "../" to access other files.
+        filepath = os.path.join("data", filename)
+        with open(filepath, "r") as f:
+            content = f.read()
+            print(f"File content (if accessible): {content}")
+            return content
+    except FileNotFoundError:
+        print(f"File not found: {filename}")
+        return None
+    except Exception as e:
+        print(f"Error in path_traversal_example: {e}")
+        return None
+
+
+def command_injection_example(user_input):
+    """
+    Demonstrates a command injection vulnerability.
+
+    Args:
+        user_input (str): A string that could contain malicious commands.
+
+    Returns:
+        str: The output of the executed command (if any). Returns None on error.
+    """
+    try:
+        # Vulnerable to command injection: user can inject shell commands.
+        command = "echo " + user_input
+        result = subprocess.run(command, shell=True, capture_output=True, text=True)
+        output = result.stdout
+        print(f"Command output: {output}")
+        return output
+    except Exception as e:
+        print(f"Error in command_injection_example: {e}")
+        return None
+
+
+def buffer_overflow_example(data, buffer_size):
+    """
+    Simulates a buffer overflow vulnerability in Python.
+
+    Python is generally memory-safe, so this is a simplified simulation.
+
+    Args:
+        data (str): The data to write to the buffer.
+        buffer_size (int): The size of the buffer.
+    """
+    try:
+        buffer = bytearray(buffer_size)
+        if len(data.encode('utf-8')) > buffer_size:
+            print("Simulating Buffer Overflow: Data exceeds buffer size.")
+            # Normally this would overwrite adjacent memory, but in Python,
+            # this will raise an IndexError. We avoid the error by truncating.
+            buffer[:] = data.encode('utf-8')[:buffer_size]  # Truncate to buffer size
+        else:
+            buffer[:] = data.encode('utf-8')
+        print(f"Buffer content: {buffer.decode('utf-8', 'ignore')}")
+    except Exception as e:
+        print(f"Error in buffer_overflow_example: {e}")
+
+
+def insecure_deserialization_example(serialized_data):
+    """
+    Demonstrates an insecure deserialization vulnerability using pickle.
+
+    Args:
+        serialized_data (str): A base64 encoded pickled object.
+
+    Returns:
+        The deserialized object, or None if an error occurs.
+    """
+    try:
+        # Deserialize the data (potentially dangerous if the data is untrusted)
+        decoded_data = base64.b64decode(serialized_data)
+        obj = pickle.loads(decoded_data)
+        print(f"Deserialized object: {obj}")
+        return obj
+    except Exception as e:
+        print(f"Error in insecure_deserialization_example: {e}")
+        return None
+
+
+if __name__ == "__main__":
+    print("Example Vulnerable Code Snippets:")
+
+    print("\nSQL Injection Example:")
+    sql_injection_example("'; DROP TABLE users; --")
+
+    print("\nXSS Example:")
+    xss_example("<script>alert('XSS Vulnerability!')</script>")
+
+    print("\nPath Traversal Example:")
+    # Create a dummy file for the path traversal example.
+    if not os.path.exists("data"):
+        os.makedirs("data")
+    with open("data/test.txt", "w") as f:
+        f.write("This is a test file.")
+
+    path_traversal_example("../example_code_vulnerable.py") # Attempt to access this file
+
+    print("\nCommand Injection Example:")
+    command_injection_example("&& ls -l")
+
+    print("\nBuffer Overflow Example:")
+    buffer_overflow_example("A" * 100, 10)
+
+    print("\nInsecure Deserialization Example:")
+    # Create a malicious object and serialize it.
+    class MaliciousClass:
+        def __reduce__(self):
+            return (os.system, ("rm -rf /",))  # DANGEROUS: Never do this in real code!
+
+    malicious_object = MaliciousClass()
+    serialized_data = base64.b64encode(pickle.dumps(malicious_object)).decode('utf-8')
+    print(f"Serialized data: {serialized_data}")
+    # WARNING: Deserializing this will execute the 'rm -rf /' command (if permitted)
+    # This line is commented out for safety.  UNCOMMENT AT YOUR OWN RISK AND ONLY IN A SAFE ENVIRONMENT.
+    # insecure_deserialization_example(serialized_data)
+
+    print("\nNote: Some examples are commented out for safety. Exercise caution when running these examples.")

package/skills/performing-security-code-review/assets/report_template.md

@@ -0,0 +1,76 @@
+# Security Review Report
+
+**Date:** [Date of Review]
+**Project:** [Project Name]
+**Reviewer:** [Reviewer Name/Security Agent]
+
+## Executive Summary
+
+[Briefly summarize the overall security posture of the reviewed code. Highlight the most critical findings and recommendations.]
+
+## Scope of Review
+
+[Clearly define the scope of the review, including the specific files, modules, or components that were analyzed.  Example: "This review covers the authentication module located in `/src/auth/` and the user profile management API endpoints."]
+
+## Methodology
+
+[Describe the methods used for the security review.  Example: "The review involved static code analysis, manual code inspection, and dynamic testing with sample payloads."]
+
+## Findings
+
+### Critical Vulnerabilities
+
+[List any critical vulnerabilities identified.  Critical vulnerabilities pose an immediate and significant risk to the application and its users.]
+
+**Vulnerability ID:** CRIT-001
+**Description:** [Detailed description of the vulnerability, including its potential impact.  Example: "SQL injection vulnerability in the user search functionality. An attacker can inject arbitrary SQL code via the `searchTerm` parameter, potentially leading to data leakage or modification."]
+**Severity:** Critical
+**Affected Component:** `/src/api/user_search.php`
+**Proof of Concept:** [Provide a proof of concept demonstrating the vulnerability. Example:  `curl -X GET "https://example.com/api/user_search.php?searchTerm='; DROP TABLE users; --"`]
+**Recommendation:** [Provide specific and actionable recommendations for remediation. Example: "Implement parameterized queries or prepared statements to prevent SQL injection."]
+
+### High Vulnerabilities
+
+[List any high vulnerabilities identified. High vulnerabilities can lead to significant security breaches if exploited.]
+
+**Vulnerability ID:** HIGH-002
+**Description:** [Detailed description of the vulnerability, including its potential impact. Example: "Cross-site scripting (XSS) vulnerability in the user profile display.  User-supplied input is not properly sanitized before being displayed, allowing an attacker to inject malicious JavaScript code."]
+**Severity:** High
+**Affected Component:** `/src/profile/display.php`
+**Proof of Concept:** [Provide a proof of concept demonstrating the vulnerability. Example:  `<script>alert('XSS')</script>` inserted into the user's profile name.]
+**Recommendation:** [Provide specific and actionable recommendations for remediation. Example: "Implement proper output encoding using a library like OWASP Java Encoder or similar for your language."]
+
+### Medium Vulnerabilities
+
+[List any medium vulnerabilities identified. Medium vulnerabilities may not be directly exploitable but could be chained with other vulnerabilities or lead to privilege escalation.]
+
+**Vulnerability ID:** MED-003
+**Description:** [Detailed description of the vulnerability, including its potential impact. Example: "Insecure direct object reference (IDOR) vulnerability in the password reset functionality. An attacker can potentially reset the password of another user by manipulating the user ID in the password reset request."]
+**Severity:** Medium
+**Affected Component:** `/src/password_reset/reset.php`
+**Proof of Concept:** [Provide a proof of concept demonstrating the vulnerability. Example:  Changing the `userId` parameter in the password reset URL to another user's ID.]
+**Recommendation:** [Provide specific and actionable recommendations for remediation. Example: "Implement proper authorization checks to ensure that users can only reset their own passwords. Use a random, non-predictable token for password reset links."]
+
+### Low Vulnerabilities
+
+[List any low vulnerabilities identified. Low vulnerabilities are typically minor issues that do not pose a significant risk but should still be addressed for best security practices.]
+
+**Vulnerability ID:** LOW-004
+**Description:** [Detailed description of the vulnerability, including its potential impact. Example: "Missing HTTP Strict Transport Security (HSTS) header. This can allow man-in-the-middle attacks to downgrade the connection to HTTP."]
+**Severity:** Low
+**Affected Component:** Web Server Configuration
+**Proof of Concept:** [Provide a proof of concept demonstrating the vulnerability. Example:  Checking the HTTP response headers with a tool like `curl -I` and observing the absence of the `Strict-Transport-Security` header.]
+**Recommendation:** [Provide specific and actionable recommendations for remediation. Example: "Configure the web server to send the HSTS header with a long max-age and includeSubDomains directive."]
+
+## General Recommendations
+
+[Provide general recommendations for improving the overall security of the application. Examples:
+*   Implement a comprehensive security testing strategy.
+*   Keep all software and dependencies up to date.
+*   Follow secure coding practices.]
+
+## Conclusion
+
+[Summarize the key findings and recommendations. Emphasize the importance of addressing the identified vulnerabilities to protect the application and its users.]
+
+**Disclaimer:** This security review is based on the information available at the time of the review. New vulnerabilities may be discovered in the future. It is important to continuously monitor and improve the security of the application.

package/skills/performing-security-code-review/references/README.md

@@ -0,0 +1,4 @@
+# References
+
+Bundled resources for security-agent skill
+

package/skills/performing-security-code-review/scripts/README.md

@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for security-agent skill
+
+- [ ] code_analyzer.py: Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and generates a report.
+- [ ] dependency_checker.py: Checks project dependencies for known security vulnerabilities using tools like `safety` or `pip audit`.
+- [ ] report_formatter.py: Formats the security review findings into a structured report (e.g., JSON, Markdown) for easy consumption.

package/skills/performing-security-code-review/scripts/code_analyzer.py

@@ -0,0 +1,134 @@
+#!/usr/bin/env python3
+"""
+security-agent - Analysis Script
+Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and generates a report.
+Generated: 2025-12-10 03:48:17
+"""
+
+import os
+import json
+import argparse
+from pathlib import Path
+from typing import Dict, List
+from datetime import datetime
+
+class Analyzer:
+    def __init__(self, target_path: str):
+        self.target_path = Path(target_path)
+        self.stats = {
+            'total_files': 0,
+            'total_size': 0,
+            'file_types': {},
+            'issues': [],
+            'recommendations': []
+        }
+
+    def analyze_directory(self) -> Dict:
+        """Analyze directory structure and contents."""
+        if not self.target_path.exists():
+            self.stats['issues'].append(f"Path does not exist: {self.target_path}")
+            return self.stats
+
+        for file_path in self.target_path.rglob('*'):
+            if file_path.is_file():
+                self.analyze_file(file_path)
+
+        return self.stats
+
+    def analyze_file(self, file_path: Path):
+        """Analyze individual file."""
+        self.stats['total_files'] += 1
+        self.stats['total_size'] += file_path.stat().st_size
+
+        # Track file types
+        ext = file_path.suffix.lower()
+        if ext:
+            self.stats['file_types'][ext] = self.stats['file_types'].get(ext, 0) + 1
+
+        # Check for potential issues
+        if file_path.stat().st_size > 100 * 1024 * 1024:  # 100MB
+            self.stats['issues'].append(f"Large file: {file_path} ({file_path.stat().st_size // 1024 // 1024}MB)")
+
+        if file_path.stat().st_size == 0:
+            self.stats['issues'].append(f"Empty file: {file_path}")
+
+    def generate_recommendations(self):
+        """Generate recommendations based on analysis."""
+        if self.stats['total_files'] == 0:
+            self.stats['recommendations'].append("No files found - check target path")
+
+        if len(self.stats['file_types']) > 20:
+            self.stats['recommendations'].append("Many file types detected - consider organizing")
+
+        if self.stats['total_size'] > 1024 * 1024 * 1024:  # 1GB
+            self.stats['recommendations'].append("Large total size - consider archiving old data")
+
+    def generate_report(self) -> str:
+        """Generate analysis report."""
+        report = []
+        report.append("\n" + "="*60)
+        report.append(f"ANALYSIS REPORT - security-agent")
+        report.append("="*60)
+        report.append(f"Target: {self.target_path}")
+        report.append(f"Generated: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
+        report.append("")
+
+        # Statistics
+        report.append("📊 STATISTICS")
+        report.append(f"  Total Files: {self.stats['total_files']:,}")
+        report.append(f"  Total Size: {self.stats['total_size'] / 1024 / 1024:.2f} MB")
+        report.append(f"  File Types: {len(self.stats['file_types'])}")
+
+        # Top file types
+        if self.stats['file_types']:
+            report.append("\n📁 TOP FILE TYPES")
+            sorted_types = sorted(self.stats['file_types'].items(), key=lambda x: x[1], reverse=True)[:5]
+            for ext, count in sorted_types:
+                report.append(f"  {ext or 'no extension'}: {count} files")
+
+        # Issues
+        if self.stats['issues']:
+            report.append(f"\n⚠️  ISSUES ({len(self.stats['issues'])})")
+            for issue in self.stats['issues'][:10]:
+                report.append(f"  - {issue}")
+            if len(self.stats['issues']) > 10:
+                report.append(f"  ... and {len(self.stats['issues']) - 10} more")
+
+        # Recommendations
+        if self.stats['recommendations']:
+            report.append("\n💡 RECOMMENDATIONS")
+            for rec in self.stats['recommendations']:
+                report.append(f"  - {rec}")
+
+        report.append("")
+        return "\n".join(report)
+
+def main():
+    parser = argparse.ArgumentParser(description="Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and generates a report.")
+    parser.add_argument('target', help='Target directory to analyze')
+    parser.add_argument('--output', '-o', help='Output report file')
+    parser.add_argument('--json', action='store_true', help='Output as JSON')
+
+    args = parser.parse_args()
+
+    print(f"🔍 Analyzing {args.target}...")
+    analyzer = Analyzer(args.target)
+    stats = analyzer.analyze_directory()
+    analyzer.generate_recommendations()
+
+    if args.json:
+        output = json.dumps(stats, indent=2)
+    else:
+        output = analyzer.generate_report()
+
+    if args.output:
+        Path(args.output).write_text(output)
+        print(f"✓ Report saved to {args.output}")
+    else:
+        print(output)
+
+    return 0 if len(stats['issues']) == 0 else 1
+
+if __name__ == "__main__":
+    import sys
+    sys.exit(main())