// Use before shipping to production. Performs OWASP Top 10 audit and STRIDE threat modeling against the codebase. Supports --quick, --standard, --thorough modes. Also use when the user asks to check security, audit code, or review for vulnerabilities. Triggers on /security.
Use when working near production, sensitive systems, or destructive operations. Activates on-demand safety hooks that block dangerous commands. Supports modes — careful (warn), freeze (guided, keeps writes within scope), unfreeze (remove restrictions). Triggers on /guard, /careful, /freeze, /unfreeze.
Orchestrate parallel agent sessions through a sprint. Coordinates task claiming, dependency resolution, and artifact handoff between independent agents. Triggers on /conductor, /sprint, /parallel.
Add a feature to an existing project with a full sprint. Skips /think diagnostic, goes straight to planning. Use when the user knows what they want and the project already exists. Triggers on /feature.
Use to verify that code works correctly — browser-based testing with Playwright, native app testing with computer use, CLI testing, API testing, or root-cause debugging. Supports --quick, --standard, --thorough modes. Triggers on /qa.
Use when starting non-trivial work (touching 3+ files, new features, refactors, bug investigations). Produces a scoped, actionable implementation plan before any code is written. Triggers on /nano.
Use after writing code to get a thorough code review. Runs two passes — structural correctness then adversarial edge-case hunting. Scales depth by diff size. Supports --quick, --standard, --thorough modes. Triggers on /review.
| name | security |
| description | Use before shipping to production. Performs OWASP Top 10 audit and STRIDE threat modeling against the codebase. Supports --quick, --standard, --thorough modes. Also use when the user asks to check security, audit code, or review for vulnerabilities. Triggers on /security. |
| concurrency | read |
| depends_on | ["build"] |
| summary | Security audit. OWASP A01-A10, STRIDE threat modeling, secrets scan, dependency audit. |
| estimated_tokens | 450 |
You think like an attacker but report like a defender. The real attack surface is rarely the code you wrote. It is the secrets in git history, the dependency you forgot to update, the CI pipeline that leaks tokens, and the AI endpoint without rate limiting. Start there, not at the application logic.
Defensive telemetry init. No-op if telemetry is disabled via NANOSTACK_NO_TELEMETRY=1, ~/.nanostack/.telemetry-disabled, or if the helpers are removed.
_P="$HOME/.claude/skills/nanostack/bin/lib/skill-preamble.sh"
[ -f "$_P" ] && . "$_P" security
unset _P
| Mode | Flag | Scope | Confidence gate |
|---|---|---|---|
| Quick | --quick | OWASP A01-A03 (top 3) + secrets scan + dependency check | 9/10 — only verified findings |
| Standard | (default) | Full OWASP A01-A10 + STRIDE per component + dependencies | 7/10 — report anything with evidence |
| Thorough | --thorough | Full OWASP + STRIDE + variant analysis + conflict detection + LLM security check | 3/10 — flag tentative findings marked as TENTATIVE |
Auto-suggest:
--quick--standard (default)--thoroughThorough-only features:
/review artifacts in .nanostack/review/ for contradictions.TENTATIVE: <description>.Resolve context — load plan, review artifacts, matched solutions, and config:
~/.claude/skills/nanostack/bin/resolve.sh security --diff
The output is JSON with upstream_artifacts (plan and review paths), solutions (matched by file overlap and security tags), conflict_precedents (path to precedents doc), diarizations (module briefs), and config (intensity, detected stack, conflict precedence).
From the plan artifact (if present):
planned_files[] → focus your audit on these files and their dependencies. Deeper analysis on fewer files is better than shallow analysis on everything.risks[] → treat each planned risk as a security hypothesis to verify. If the plan says "AWS SDK version compatibility" is a risk, check for insecure SDK usage patterns.From config: use detected_stack to scope which checks to run (skip Python checks in a Go project). Use conflict_precedence for cross-skill conflicts.
Then check if security/config.json exists. If not, ask the user to classify the project:
What type of project is this?
1. Public-facing (users/customers on the internet)
2. Internal (employees/team only, no public access)
3. Compliance-driven (fintech, health, regulated)
4. Library/SDK (consumed by other developers)
Store the answer:
// security/config.json
{
"project_type": "public_facing",
"conflict_precedence": "security > review > qa",
"configured_at": "2026-03-25"
}
This determines:
--thorough on first audit. internal/library → --standard.If config already exists, read it and skip setup.
Check these rules during your audit. Each one represents a proven security pattern from past sprints.
Auto-detect everything. Do NOT ask the user.
package.json → Node.js (check for next, express, fastify, hono)requirements.txt / pyproject.toml → Python (flask, django, fastapi)go.mod → Go (gin, echo, chi)Dockerfile, docker-compose.yml, .github/workflows/Report one-line: Detected: Next.js 14 + Prisma + Stripe, Docker, GitHub Actions
CORE (always run): secrets, injection, auth, config, dependencies, data-exposure.
CONDITIONAL (only if detected): AI/LLM endpoints, payment webhook verification, Docker misconfig, CI/CD pipeline security, file upload handling.
For extended check patterns, reference the OWASP checklist at security/references/owasp-checklist.md.
Read security/references/owasp-checklist.md for the OWASP A01-A10 framework.
Search for hardcoded credentials using regex patterns:
| Pattern | What |
|---|---|
AKIA[0-9A-Z]{16} | AWS access key |
sk_live_[a-zA-Z0-9]{24,} | Stripe live key |
sk-proj-[a-zA-Z0-9\-_]{20,} | OpenAI project key |
sk-ant-[a-zA-Z0-9\-_]{80,} | Anthropic key |
ghp_[a-zA-Z0-9]{36} | GitHub PAT |
-----BEGIN (RSA|EC|OPENSSH) PRIVATE KEY | Private key in code |
(postgres|mysql|mongodb\+srv):\/\/[^:\s]+:[^@\s]+@ | DB connection string with password |
Context rules: In *.test.*, *.example, README*, or values containing xxx, TODO, placeholder → downgrade to INFO.
Git history check (mandatory):
git log --all --oneline -- '.env' '.env.local' '*.pem' '*.key' 2>/dev/null | head -10
If results: secrets may be in history even if currently gitignored. CRITICAL — credentials must be rotated.
IMPORTANT: Credential redaction. When reporting secrets, NEVER show the full value. First 4 chars + **** (e.g., sk-pr****).
.github/workflows/ exists)| Check | What to look for |
|---|---|
| Unpinned actions | uses: action@main instead of uses: action@sha256 |
pull_request_target | Runs with write access on fork PRs — code injection vector |
| Secrets in logs | echo ${{ secrets.* }} or debug mode exposing secrets |
Overpermissioned GITHUB_TOKEN | permissions: write-all when only contents: read needed |
| Check | What to look for |
|---|---|
| API keys in client bundle | NEXT_PUBLIC_OPENAI, NEXT_PUBLIC_ANTHROPIC |
| Prompt injection | User input interpolated into system prompts (prompt + req.body) |
| Missing rate limiting | AI endpoints without rate limiter — attacker runs up your bill |
| Unsanitized LLM output | LLM response rendered as HTML without escaping |
False positives (skip): .env.example, sk_test_ keys, UUIDs, React/Angular output (XSS-safe by default, only flag escape hatches like dangerouslySetInnerHTML), eval() in build configs, 0.0.0.0 in Docker, SQL in migrations.
False negatives (don't miss): Auth on route but not on query (IDOR), secrets in git history, rate limiting on login but not password reset, SSRF via URL params to 169.254.169.254, dangerouslySetInnerHTML without DOMPurify.
Spoofing (impersonation?), Tampering (data integrity?), Repudiation (audit trail?), Info Disclosure (leaks?), DoS (overwhelm?), Elevation (privilege escalation?).
Report findings progressively. Don't wait until the end. As each phase completes, output its findings immediately so the user sees work happening.
Open with a summary line:
Security: CRITICAL (0) HIGH (1) MEDIUM (2) LOW (1) = 4 findings. Score: B
Scoring: A = 0 critical, 0 high, ≤3 medium. B = 0 critical, 1-2 high. C = 3+ high. D = 1-2 critical. F = 3+ critical.
Use security/templates/security-report.md for the full structure. Every finding must include:
Always close with What's solid: 2-3 specific things the codebase does well on security. Not filler. If the auth is well implemented, say so and say why.
Severity: Critical (RCE, unauth admin, hardcoded creds), High (stored XSS, IDOR, privilege escalation), Medium (CSRF, info disclosure, missing rate limit), Low (headers, verbose errors, outdated non-vulnerable deps).
Always check for conflicts with prior /review findings. The resolver output from Setup includes upstream_artifacts.review (if a review artifact exists) and conflict_precedents (path to the precedents doc). When a conflict is detected, mark inline:
### SEC-005: Excessive error detail
**Conflicts with:** REV-003 → RESOLUTION: structured errors (code + generic msg to user, details to logs)
In --quick mode, apply default precedence (security > review) without documenting.
In --standard mode, document conflicts inline.
In --thorough mode, document conflicts AND flag as BLOCKING until user confirms.
After completing the audit and conflict detection, save the artifact. Run this command now — do not skip it. The save is validated against the per-phase schema (see reference/artifact-schema.md); a security artifact requires summary (object), findings (array), and context_checkpoint.
SEC_JSON=$(jq -n \
--arg mode "$SEC_MODE" \
--argjson summary '{"total_findings":0,"critical":0,"high":0,"medium":0,"low":0}' \
--argjson findings '[]' \
--argjson conflicts '[]' \
--arg checkpoint_summary "Security audit found N findings across OWASP categories." \
'{
phase: "security",
mode: $mode,
summary: $summary,
findings: $findings,
conflicts: $conflicts,
context_checkpoint: {
summary: $checkpoint_summary,
key_files: [],
decisions_made: [],
open_questions: []
}
}')
~/.claude/skills/nanostack/bin/save-artifact.sh security "$SEC_JSON"
| Aspect | Quick | Standard | Thorough |
|---|---|---|---|
| OWASP scope | A01-A03 only | Full A01-A10 | Full + variant analysis |
| STRIDE | Skip | Per component | Per component + attack trees |
| Dependencies | npm audit only | Full scan | Full + license check |
| Conflict detection | Auto-resolve | Document inline | BLOCKING until resolved |
| Tentative findings | Skip | Skip | Report as TENTATIVE |
| Confidence gate | 9/10 | 7/10 | 3/10 |
Read profile, run_mode, autopilot, and plan_approval per reference/session-state-contract.md. When run_mode == report_only, do not apply fixes; only report findings.
After the security audit is complete and the artifact is saved:
If autopilot == true and no critical/high findings: Proceed to next pending skill. Show: Autopilot: security grade X (0 critical, 0 high). Running /qa...
If autopilot and critical or high findings: Stop and ask the user to review. Show the findings and wait. After resolution, continue autopilot.
Otherwise: Read the next action from session state:
~/.claude/skills/nanostack/bin/next-step.sh --json
Use .user_message for the prose and .next_phase for the phase name. The legacy positional form (next-step.sh security) is still supported.
When profile == "guided", the user-facing output follows the four-block skeleton in reference/plain-language-contract.md (Result / How to try / What was checked / What remains). Whether it is safe to try goes inside Result; do not add a separate block.
After the user-facing message above, print one summary line as the very last thing — useful for autopilot logs and quick scanning:
[security] OK: grade <A-F>, <N critical, M high>. Next: <first pending skill or "/ship">.
Use WARN instead of OK if any critical or high findings exist.
When the model or user fixes security findings, do NOT re-run the full audit. Instead:
Re-running the full OWASP scan after fixing a missing Content-Type header wastes time and tokens. Target the verification.
Before returning control:
_F="$HOME/.claude/skills/nanostack/bin/lib/skill-finalize.sh"
[ -f "$_F" ] && . "$_F" security success
unset _F
Pass abort or error instead of success if the audit did not complete normally.
npm audit, pip audit, go vuln check.git log -p --all -S 'password\|secret\|key\|token'--thorough. One finding = search for the pattern elsewhere.