Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

catpilot-ai-guardrails

catpilot-ai-guardrails 收录了来自 catpilotai 的 10 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
10
Stars
2
更新
2026-05-17
Forks
4
职业覆盖
3 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

catpilot-security-core
信息安全分析师

Catpilot's universal AI-coding-agent security baseline. Always-on guardrails across nine components: cloud CLI mutations, database state changes, local CLI destruction, Docker container builds, hardcoded secrets, secrets management, supply-chain integrity, PII / test-data hygiene, and language-agnostic secure-coding patterns (SQL injection, command injection, XSS, path traversal, insecure deserialization, eval-class APIs, SSRF). Apply on every code generation, file write, and shell command. Born from real production incidents.

2026-05-17
language-baseline
信息安全分析师

Block the language-agnostic classes of injection and arbitrary-code-execution failures — SQL via string concatenation, command injection via shell-true subprocess calls, XSS via `innerHTML`/`document.write`, path traversal via unvalidated filenames, insecure deserialization (`pickle`, unsafe `yaml.load`, PHP `unserialize`, Java `ObjectInputStream`, Ruby `Marshal`), dynamic code execution (`eval`, `Function`, `setTimeout(string)`), TypeScript `as any` escape hatches, and SSRF via unvalidated outbound URLs.

2026-05-17
pii-and-test-data
信息安全分析师

Block real customer data from appearing in test fixtures, code comments, documentation, debug output, or shared transcripts. Require synthetic generators (`faker`, `@faker-js/faker`, provider test cards), reserved test ranges (555 phone numbers, `@example.com` emails, RFC 5737 IPs), and redaction of PII/PHI/PCI from logs and error messages. Refuse to copy production rows into development environments under any framing.

2026-05-17
supply-chain
信息安全分析师

Block typosquats, unpinned dependencies, floating GitHub Actions tags, `curl | bash` installs, unverified agent skills/MCP servers, and post-install scripts from unknown publishers before they reach a developer machine, a CI runner, or a production image. Require lockfile-based installs, SHA-pinned third-party actions, registry-namespace verification, and provenance checks (Sigstore, npm provenance, GitHub attestations) for any code that will run.

2026-05-17
secrets-management
信息安全分析师

Govern how secrets are stored, scoped, distributed, rotated, and surfaced to running code — never committed `.env` files, never echoed in CI logs, never embedded in URLs or error messages, never shared across environments. Complements `secret-blocking` (which detects hardcoded patterns at write time) by enforcing the lifecycle around already-secured secrets — `.gitignore` hygiene, CI log redaction, vault-backed access, scoped credentials per environment, and a documented response when exposure happens.

2026-05-17
docker-safety
网络与计算机系统管理员

Block container runtime escape paths, root-by-default images, build-time secrets baked into layers, and supply-chain risks from floating base tags before they reach a registry or a host. Require non-root `USER`, digest-pinned base images, BuildKit secret mounts (never `ENV`/`ARG` for secrets), `--no-install-recommends` + cache cleanup, and refuse `--privileged`, `--net=host`, `--pid=host`, host root bind-mounts, and `chmod 777` inside containers.

2026-05-17
local-cli-safety
信息安全分析师

Block irreversible filesystem operations, history-destroying git commands on shared branches, network exposure to non-loopback interfaces, world-readable credential paths, and credential exfiltration patterns before they run on a developer or CI machine. Covers `rm`/`find -delete`/`dd`/`chmod -R`, `git push --force`/`reset --hard`/`clean -fd` on protected branches, `--bind 0.0.0.0` services, and patterns that pipe `~/.ssh`, `~/.aws`, or environment variables into external requests.

2026-05-17
database-safety
数据库架构师

Require preview-before-modify, row-count disclosure, transactional execution, and rollback preparation before any SQL or ORM operation that mutates data or schema. Block destructive statements without a WHERE clause, schema drops without confirmation, prod migrations without dry-run, and raw string interpolation into queries. Covers PostgreSQL, MySQL, SQL Server, SQLite, and ORM equivalents.

2026-05-16
cloud-cli-safety
网络与计算机系统管理员

Require query-before-modify, full-command display, explicit confirmation, and rollback preparation before any cloud CLI invocation that mutates infrastructure. Covers Azure (`az`), AWS (`aws`), GCP (`gcloud`, `gsutil`), Kubernetes (`kubectl`, `helm`), and Terraform/IaC (`terraform`). Born from a real production incident where a partial-YAML container update wiped every environment variable on a live service.

2026-05-06
secret-blocking
信息安全分析师

Detects and blocks hardcoded secrets — API keys, tokens, private keys, and database connection strings — before they are written to disk, committed to git, or echoed to logs. Covers 40+ patterns across Stripe, AWS, GitHub, GitLab, OpenAI, Anthropic, Slack, Google, SendGrid, Mailgun, Square, Twilio, and generic credential formats. Apply on every file write, every diff review, and every shell command that emits configuration.

2026-05-06