gathering-security

📁 autumnsgrove/groveengine 📅 8 days ago

总安装量

周安装量

#47844

全站排名

安装命令

npx skills add https://github.com/autumnsgrove/groveengine --skill gathering-security

Agent 安装分布

replit 1

opencode 1

codex 1

claude-code 1

gemini-cli 1

Skill 文档

Gathering Security ð²ð·ï¸ð¦

The drum echoes in the shadows. The Spider weaves intricate webs of authentication, each strand placed with precision. The Raccoon rummages through every corner, finding what doesn’t belong, cleaning what could harm. Together they secure the forestâdoors locked tight, secrets safe, paths protected.

When to Summon

Implementing authentication systems
Adding OAuth or session management
Security auditing before launch
After security incidents
Preparing for production deployment
When auth and security audit must work together

The Gathering

SUMMON â ORGANIZE â EXECUTE â VALIDATE â COMPLETE
   â         â²          â²          â²          â
Receive  Dispatch   Animals    Verify   Security
Request  Animals    Work       Check    Hardened

Animals Mobilized

ð·ï¸ Spider â Weave authentication webs with patient precision
ð¦ Raccoon â Rummage for security risks and cleanup

Phase 1: SUMMON

The drum sounds. The shadows shift…

Receive and parse the request:

Clarify the Security Work:

Adding new auth provider? (OAuth, SSO)
Securing routes and APIs?
General security audit?
Post-incident cleanup?

Scope Check:

“I’ll mobilize a security gathering for: [security work]

This will involve:

ð·ï¸ Spider weaving authentication

OAuth/PKCE flow

Session management

Route protection

Token handling

ð¦ Raccoon auditing security

Secret scanning

Vulnerability check

Input validation review

Access control verification

Proceed with the gathering?”

Phase 2: ORGANIZE

The animals take their positions in the shadows…

Dispatch in sequence:

Dispatch Order:

Spider âââ Raccoon
   â          â
   â          â
Weave      Audit
Auth       Security

Dependencies:

Spider must complete before Raccoon (needs auth to audit)
May iterate: Raccoon findings â Spider fixes â Raccoon re-audit

Iteration Cycle (When Vulnerabilities Found):

âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â                   SECURITY ITERATION                     â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â                                                          â
â   ð·ï¸ Spider weaves auth    ââââââº    ð¦ Raccoon audits  â
â         â²                                   â            â
â         â                                   â¼            â
â         â                          Vulnerabilities?      â
â         â                             /        \         â
â         â                          Yes          No       â
â         â                           â            â       â
â         ââââââ Spider fixes âââââââââ            â       â
â                                                  â¼       â
â                                            â Secure     â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

Iteration Rules:

Raccoon finds vulnerability â Spider patches â Raccoon re-audits that specific fix
Maximum 3 iterations per issue (if more needed, architectural review required)
Each iteration focuses only on newly found/fixed items
Document all iterations in final report

Phase 3: EXECUTE

The web is woven. The audit begins…

Execute each phase:

ð·ï¸ SPIDER â WEAVE

"Spinning the authentication threads..."

Phase: SPIN
- Choose auth pattern (OAuth 2.0 + PKCE, JWT, Session)
- Set up infrastructure (client registration, secrets)

Phase: CONNECT
- Implement OAuth flow (login/callback)
- Session/token management
- User info fetching

Phase: SECURE
- Route protection middleware
- CSRF protection
- Rate limiting
- Security headers

Phase: TEST
- Auth flow end-to-end
- Error handling
- Edge cases

Phase: BIND
- Documentation
- Environment variables
- Monitoring

Output:
- Working authentication system
- Protected routes
- Session management

ð¦ RACCOON â AUDIT

"Rummaging through every corner..."

Phase: RUMMAGE
- Search for secrets in code
- Check git history
- Scan dependencies for vulnerabilities

Phase: INSPECT
- Validate auth implementation
- Check input validation
- Review access controls
- Examine error messages

Phase: SANITIZE
- Remove any secrets found
- Rotate exposed credentials
- Patch vulnerabilities

Phase: PURGE
- Clean git history if needed
- Remove dead code
- Clear old tokens

Phase: VERIFY
- Re-scan for secrets
- Verify fixes
- Install pre-commit hooks

Output:
- Security audit report
- Issues fixed
- Preventive measures in place

Phase 4: VALIDATE

The web holds. The audit confirms…

Validation Checklist:

Spider: Auth flow works end-to-end
Spider: Routes properly protected
Spider: Sessions expire correctly
Spider: CSRF protection active
Raccoon: No secrets in codebase
Raccoon: Dependencies up to date
Raccoon: Input validation present
Raccoon: No sensitive data in logs
Raccoon: Pre-commit hooks installed

Security Test Cases:

Authentication:
â¡ Login redirects to provider
â¡ Callback exchanges code for tokens
â¡ Sessions created correctly
â¡ Logout clears sessions
â¡ Expired tokens rejected

Authorization:
â¡ Protected routes require auth
â¡ Admin routes check roles
â¡ API endpoints verify tokens
â¡ Users can't access others' data

Input Validation:
â¡ SQL injection prevented
â¡ XSS prevented
â¡ File uploads sanitized
â¡ Rate limiting active

Phase 5: COMPLETE

The gathering ends. The forest is secure…

Completion Report:

## ð² GATHERING SECURITY COMPLETE

### Security Work: [Description]

### Animals Mobilized
ð·ï¸ Spider â ð¦ Raccoon

### Authentication Implemented
- **Provider:** [OAuth 2.0 / GitHub / Google / etc.]
- **Flow:** [PKCE / Authorization Code]
- **Session Type:** [Token / Session Cookie]
- **Routes Protected:** [count]

### Security Measures
- CSRF protection: â
- Rate limiting: â [limits]
- Security headers: â
- Input validation: â
- Secret scanning: â Clean

### Vulnerabilities Addressed
- [List any found and fixed]

### Preventive Measures
- Pre-commit hooks installed
- Dependency scanning enabled
- Security headers configured
- Monitoring alerts set

### Files Created/Modified
- Auth routes: [files]
- Middleware: [files]
- Configuration: [files]

### Time Elapsed
[Duration]

*The forest sleeps securely.* ð²

Example Gathering

User: “/gathering-security Add GitHub OAuth and security audit”

Gathering execution:

ð² SUMMON â “Mobilizing for: GitHub OAuth + security audit. New auth provider needed.”
ð² ORGANIZE â “Spider implements â Raccoon audits”
ð² EXECUTE â
- ð·ï¸ Spider: “OAuth client registered, PKCE flow implemented, sessions working, routes protected”
- ð¦ Raccoon: “No secrets found, dependencies clean, input validated, rate limiting added”
ð² VALIDATE â “Auth works, audit clean, all security checks pass”
ð² COMPLETE â “GitHub OAuth live, security hardened”

Woven tight and audited cleanâthe forest is safe. ð²

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台