security-paperclip
Paperclip security — tenancy isolation, secrets, approval gates, hard budgets, signed adapter channel. Use when auditing or hardening Paperclip.
| name | security-paperclip |
| description | Paperclip security — tenancy isolation, secrets, approval gates, hard budgets, signed adapter channel. Use when auditing or hardening Paperclip. |
- `companyId` comes from the session/path only (never the client body).
- Secrets are encrypted at rest, redacted in logs, and resolved via `ctx.secrets.resolve(ref)` in plugins.
- Approval gates are server-only and append-only.
- Budgets are hard limits enforced at dispatch.
- Better Auth handles operator auth, with a rotated `BETTER_AUTH_SECRET`.
- CSP/HSTS/COOP/CORP are shipped on the UI.
- Plugin capabilities are declared minimally.
- `pnpm audit --audit-level=high` runs in CI.
See ../../rules/11-security-paperclip.md for detailed documentation.