harden
Applies NIST/CWE security hardening to Python and Rust code. Use when auditing code for vulnerabilities or proposing concrete security remediations.
| name | harden |
| description | Applies NIST/CWE security hardening to Python and Rust code. Use when auditing code for vulnerabilities or proposing concrete security remediations. |
| globs | **/*.{py,rs,toml,yaml,yml,sh} |
| alwaysApply | false |
| category | security |
| tags | ["security","hardening","nist","supply-chain","python","rust","cwe"] |
| tools | [] |
| provides | {"governance":["hardening-report","remediation-proposal"],"security":["vuln-detection","hardening-posture"]} |
| usage_patterns | ["security-hardening","quarterly-posture-audit","pre-release-security-gate"] |
| complexity | advanced |
| model_hint | deep |
| estimated_tokens | 1100 |
| progressive_loading | true |
| dependencies | ["pensive:safety-critical-patterns","pensive:rust-review","pensive:bug-review","pensive:tiered-audit","pensive:blast-radius","leyline:supply-chain-advisory","leyline:authentication-patterns","leyline:content-sanitization","abstract:hook-authoring","imbue:proof-of-work","imbue:review-core","imbue:structured-output"] |
| modules | ["modules/nist-controls.md","modules/python-checks.md","modules/rust-checks.md","modules/cross-cutting.md","modules/frontier-checks.md","modules/proposal-shape.md"] |
Active security hardening: scan the existing repository for vulnerabilities and forward-facing threats, then propose concrete remediations the user can approve, defer, or file.
This skill is the engine behind /harden. It complements the
Claude Code built-in /security-review (which scans the pending
diff) by sweeping the whole repository against citation-backed
checks rather than line-level review of in-flight code.
/security-review.

attune:war-room with a security-focused panel.

pensive:bug-review.

- harden:discovery: inventory languages, build files, hooks, CI workflows
- harden:scan-python: run python-checks.md detectors when Python is present
- harden:scan-rust: run rust-checks.md detectors when Rust is present
- harden:scan-cross-cutting: run cross-cutting.md detectors (deps, secrets, SBOM, CI)
- harden:scan-frontier: run frontier-checks.md (PQC, LLM supply chain, sandboxing)
- harden:nist-mapping: map findings to NIST SSDF practices
- harden:proposals: for each finding above the threshold, draft a concrete remediation per modules/proposal-shape.md
- harden:approval-gate: present proposals to the user for apply / file / defer / reject
- harden:apply-and-validate: apply approved proposals as discrete commits, re-run gates, capture evidence
- harden:findings-verified: citations confirmed by citation_verifier.py
- harden:report: write reviews/harden-<date>.md and optionally post to Discussions

Load modules based on what the discovery step finds.
| Detected | Load |
|---|---|
| Python files (*.py, pyproject.toml) | modules/python-checks.md |
| Rust files (*.rs, Cargo.toml) | modules/rust-checks.md |
| Any | modules/nist-controls.md (citation backbone) |
| Any | modules/cross-cutting.md (deps, secrets, CI) |
| LLM SDK use (anthropic, openai), MCP server, post-quantum surface | modules/frontier-checks.md |
| Any with proposals enabled | modules/proposal-shape.md |
The module hub keeps the SKILL.md itself under the
estimated_tokens: 1100 budget. Detail lives in the modules.
Inventory the repo without modifying anything:
```bash
# Languages and build files
find . -type f \( -name '*.py' -o -name '*.rs' -o -name '*.sh' \) \
  | head -200 > /tmp/harden-langs.txt
# Build manifests
ls pyproject.toml Cargo.toml package.json go.mod 2>/dev/null
# CI workflows and pre-commit
ls .github/workflows/ .pre-commit-config.yaml 2>/dev/null
# Hooks and Dockerfiles
find . -path ./node_modules -prune -o -type f \
  \( -name 'hooks.json' -o -name 'Dockerfile*' \) -print
```
Dispatch /discovery-prefilter if the repo has > 5000 source files
to bound the scan.
For each detected language, load the matching module and run its
detector list. Each detector outputs findings with the schema
defined in modules/proposal-shape.md. The citation column is
mandatory: a finding without a NIST/CWE reference is downgraded
to "advisory" and not eligible for active proposal.
Group findings by SSDF practice (PW.4, PW.8, RV.1, etc.) and CWE
ID. The mapping table lives in modules/nist-controls.md. The
report's executive summary references SSDF practice coverage so
the audit is comparable across runs.
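The citation gate and the grouping step described above can be sketched as follows. This is an added example, not the skill's own code: the field names (`id`, `severity`, `citation`), the regexes, the `UNMAPPED` bucket and the sample findings are assumptions, and the real CWE-to-SSDF mapping lives in modules/nist-controls.md.

```python
import re
from collections import defaultdict

# Citation strings follow the report template on this page, e.g.
# "CWE-502, NIST SSDF PW.7". Field names and regexes are assumptions.
CWE_RE = re.compile(r"\bCWE-(\d+)\b")
SSDF_RE = re.compile(r"\b(PO|PS|PW|RV)\.(\d+)\b")  # the four SSDF practice groups

# Constructed sample: H1/H2 mirror the template rows, H3/H4 are invented.
SAMPLE_FINDINGS = [
    {"id": "H1", "severity": "CRITICAL", "citation": "CWE-502, NIST SSDF PW.7"},
    {"id": "H2", "severity": "HIGH", "citation": "CWE-89, NIST SSDF PW.4"},
    {"id": "H3", "severity": "HIGH", "citation": "team style guide"},
    {"id": "H4", "severity": "MEDIUM", "citation": "CWE-89"},
]


def parse_citation(citation):
    """Extract CWE IDs and SSDF practices from a free-text citation."""
    text = citation or ""
    cwes = sorted({int(n) for n in CWE_RE.findall(text)})
    practices = sorted({f"{g}.{n}" for g, n in SSDF_RE.findall(text)})
    return [f"CWE-{n}" for n in cwes], practices


def triage(findings):
    """Downgrade uncited findings, then group the rest for the report."""
    by_practice, by_cwe, advisory = defaultdict(list), defaultdict(list), []
    for f in findings:
        cwes, practices = parse_citation(f.get("citation"))
        if not cwes and not practices:
            # No NIST/CWE reference: report only, not eligible for a proposal.
            advisory.append({**f, "severity": "ADVISORY", "proposal_eligible": False})
            continue
        # A CWE-only citation lands in an assumed UNMAPPED bucket until mapped.
        for p in practices or ["UNMAPPED"]:
            by_practice[p].append(f["id"])
        for c in cwes:
            by_cwe[c].append(f["id"])
    covered = sorted(p for p in by_practice if p != "UNMAPPED")
    return {"by_practice": dict(by_practice), "by_cwe": dict(by_cwe),
            "advisory": advisory, "practices_covered": covered}


if __name__ == "__main__":
    print(triage(SAMPLE_FINDINGS))
```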
For each finding above the configured severity threshold, draft a
concrete remediation per modules/proposal-shape.md:
pensive:blast-radius

Present proposals one at a time via AskUserQuestion. Default
options: apply, file as issue, defer to backlog,
reject. Auto-apply is opt-in via the --auto-apply flag and
respects a per-finding severity threshold.
Apply each approved proposal as a discrete commit:
```bash
git add <touched files>
git commit -m "harden: <finding-id> <one-line summary>"
```
After each apply, re-run the project gates:
```bash
make test --quiet && make lint && make type-check
```
If a gate fails, revert the commit (git revert HEAD --no-edit)
and downgrade the finding to "needs human design."
Write reviews/harden-<date>.md with:
If running inside a PR context, post the executive summary as a
comment via abstract:post_review_insights.
| Severity | Definition | Default disposition |
|---|---|---|
| CRITICAL | Active exploit path, RCE, credential leak | apply or file immediately |
| HIGH | Plausible exploit, missing defense-in-depth on attack surface | propose for apply |
| MEDIUM | Best-practice gap, hardening opportunity | propose for apply with --auto-apply medium |
| LOW | Style/documentation gap with security flavor | file as issue |
| ADVISORY | Pattern detected without exploit narrative | report only |
```markdown
# Hardening Report — <date>

## Executive Summary
- Codebase: <repo> @ <sha>
- Languages scanned: Python (X files), Rust (Y files)
- NIST SSDF practices covered: PW.4, PW.7, PW.8, RV.1, RV.2
- CWE Top 25 hits: <count> across <distinct CWEs>
- Disposition: <N> applied, <N> filed, <N> deferred, <N> rejected

## Findings
| ID | Severity | Citation | File:Line | Disposition |
|----|----------|----------|-----------|-------------|
| H1 | CRITICAL | CWE-502, NIST SSDF PW.7 | `src/x.py:45` | applied (commit abc123) |
| H2 | HIGH | CWE-89, NIST SSDF PW.4 | `src/y.py:120` | filed (#456) |

## Per-finding detail

### H1 — Unsafe deserialization
**Citation:** CWE-502 (Deserialization of Untrusted Data),
NIST SSDF PW.7 (Review and analyze human-readable code).

**Detection signal:**
- File: `src/x.py:45`
- Anchor: `data = pickle.loads(user_supplied_input)`
- Pattern: <module>.loads(user_supplied_input)
- Reachability: untrusted, comes from request body

**Proposal:** ...
**Blast radius:** ...
**Reversal plan:** ...
```
--auto-apply, CRITICAL findings always prompt.

--report-only until the user has reviewed at least one report and explicitly opts into proposals.

The skill composes (rather than re-implements):

- pensive:rust-review: full Rust audit when Rust is present
- pensive:bug-review: bug-hunting backbone
- pensive:safety-critical-patterns: NASA Power-of-10 adapted
- pensive:tiered-audit: three-tier discipline (--tier 1/2/3)
- pensive:blast-radius: change-impact assessment for proposals
- leyline:supply-chain-advisory: dependency posture
- leyline:authentication-patterns: auth/credential review
- leyline:content-sanitization: input handling
- abstract:hook-authoring: hook-event security
- imbue:proof-of-work: evidence discipline for findings

harden:findings-verified)

Every finding must cite a real location and a verbatim anchor. Write
findings to .review/findings.json and confirm each citation resolves:
```bash
python plugins/imbue/scripts/citation_verifier.py \
  --findings .review/findings.json --repo-root .
```
Drop or label UNVERIFIED any finding the verifier fails (exit 1); only
verified findings enter the report. See Skill(imbue:review-core) Step 5
and Skill(imbue:structured-output) for the schema.
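What "the citation resolves" means in practice is sketched below, including the case where a finding's path tries to leave the repository. This is an added example, not the project's citation_verifier.py: the field names (`id`, `location`, `anchor`), the reason strings and the sample findings are assumptions, and the real schema is defined in imbue:structured-output.

```python
import tempfile
from pathlib import Path


def verify_finding(finding, repo_root):
    """Check one finding's File:Line location and verbatim anchor."""
    root = Path(repo_root).resolve()
    rel, sep, line_s = finding.get("location", "").rpartition(":")
    if not sep or not rel or not line_s.isdecimal() or int(line_s) < 1:
        return False, "malformed location"
    target = (root / rel).resolve()
    # Findings are untrusted input: refuse paths that escape the repo root.
    if not target.is_relative_to(root):  # Python 3.9+
        return False, "path outside repo root"
    if not target.is_file():
        return False, "file not found"
    lines = target.read_text(encoding="utf-8", errors="replace").splitlines()
    if int(line_s) > len(lines):
        return False, "line out of range"
    anchor = finding.get("anchor", "")
    if not anchor or anchor not in lines[int(line_s) - 1]:
        return False, "anchor not at cited line"
    return True, "verified"


def verify_all(findings, repo_root):
    """Label every finding; exit code 1 if any citation fails to resolve."""
    labeled = []
    for f in findings:
        ok, reason = verify_finding(f, repo_root)
        labeled.append({**f, "status": "VERIFIED" if ok else "UNVERIFIED", "reason": reason})
    return labeled, 0 if all(f["status"] == "VERIFIED" for f in labeled) else 1


def demo():
    """Run against a constructed three-line file in a temporary repo."""
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, "src").mkdir()
        Path(repo, "src", "x.py").write_text("import pickle\n\ndata = pickle.loads(user_supplied_input)\n")
        findings = [  # constructed findings
            {"id": "H1", "location": "src/x.py:3", "anchor": "data = pickle.loads(user_supplied_input)"},
            {"id": "H2", "location": "src/x.py:1", "anchor": "cursor.execute(query)"},
            {"id": "H3", "location": "../outside.py:1", "anchor": "x"},
        ]
        return verify_all(findings, repo)


if __name__ == "__main__":
    print(demo())
```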
--auto-apply flag covering its severity).

reviews/harden-<date>.md exists and lists every finding with a disposition (applied / filed / deferred / rejected / advisory).

Location + verbatim Anchor confirmed by citation_verifier.py (exit 0), or unverified findings were dropped or labeled UNVERIFIED.