一键在 Manus 中运行任何 Skill

security-baseline

星标1

分支0

更新时间2026年6月11日 17:35

Audit and implement security best practices for GitHub repositories. USE THIS SKILL when user says "security audit", "check security", "add gitleaks", "secret scanning", "dependency audit", or needs security hardening.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

zircote

zircote/.github

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Security Baseline Skill

Purpose

Audit and implement security best practices for GitHub repositories, including secret scanning, dependency audits, and security hardening.

Triggers

"audit repository security"
"add secret scanning"
"check for vulnerabilities"
"security hardening"
"add pre-commit hooks"
"configure dependabot"

Usage

Run a security audit on any repository to identify gaps, then use the provided checklists and commands to implement security controls systematically.

Security Audit Checklist

GitHub Actions Security

Repository Security

Secret Management

Dependency Security

Dependabot enabled
Lock files committed
No critical CVEs
Regular audits scheduled

SHA Pinning Validation

# Check for unpinned actions
grep -rn "uses:.*@v[0-9]" .github/workflows/
grep -rn "uses:.*@main" .github/workflows/

# Validate all workflows
./scripts/validate-sha-pinning.sh .github/workflows/

Safe Permission Patterns

# Minimal (default)
permissions:
  contents: read

# For PR comments
permissions:
  contents: read
  pull-requests: write

# For releases
permissions:
  contents: write
  packages: write

OIDC Authentication

# AWS
permissions:
  id-token: write
  contents: read

steps:
  - uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
    with:
      role-to-assume: arn:aws:iam::123456789:role/github-actions
      aws-region: us-east-1

Secret Scanning Setup

Gitleaks Configuration

# gitleaks.toml
[allowlist]
paths = [
  '''\.example$''',
  '''test/fixtures''',
]

Pre-commit Hook

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0
    hooks:
      - id: gitleaks

Dependency Audit Commands

# Python
uv pip audit

# Node.js
pnpm audit

# Go
go list -json -m all | nancy sleuth

# Rust
cargo deny check advisories

Required Security Files

File	Purpose
`SECURITY.md`	Vulnerability reporting
`dependabot.yml`	Automated updates
`.pre-commit-config.yaml`	Pre-commit hooks
`gitleaks.toml`	Secret patterns
`CODEOWNERS`	Review requirements

Vulnerability Response

Severity	Response Time
Critical	Immediate
High	24 hours
Medium	1 week
Low	Next release

Quick Security Commands

# Run gitleaks
gitleaks detect --source . --verbose

# Check git history
gitleaks detect --source . --log-opts="--all"

# Find workflows without permissions
for f in .github/workflows/*.yml; do
  grep -q "^permissions:" "$f" || echo "Missing: $f"
done

同仓库更多 Skills

同仓库

gh-attested

zircote/.github

Assess, plan, and implement complete attested quality-gate coverage for a public open-source repo using GitHub-native + free-for-OSS tooling — SAST, SCA, secrets, container/IaC/license, SBOM, VEX, provenance, posture, peer review, load, DAST — each gate's verdict turned into a signed, digest-bound attestation. USE THIS SKILL when user says "assess quality gates", "attested quality gates", "attest CI gates", "add CodeQL/OSV-Scanner/Trivy/Scorecard", "SAST/SCA/DAST attestation", "free-for-OSS security gates", or "wire attested quality gates".

2026-06-161

attested-delivery

zircote/.github

Constitute and materialize the attested release architecture — signed, SLSA-attested, fail-closed-verified releases — in any organization or repository. USE THIS SKILL when user says "onboard to attested delivery", "set up release signing", "SLSA provenance", "attest releases", "constitute the attested architecture", "pin check", or "verify release attestations".

2026-06-121

template-creation

zircote/.github

Create new project templates or customize existing ones with CI/CD, tooling, and AI integration. USE THIS SKILL when user says "create template", "new template for", "customize template", "add template", or wants to build a new language/framework template.

2026-06-121

ai-tuning

zircote/.github

Optimize AI assistant configurations for maximum effectiveness. USE THIS SKILL when user says "improve CLAUDE.md", "better copilot instructions", "tune AI", "optimize prompts", "MCP configuration", or wants to enhance AI assistant behavior.

2026-06-111

content-pipeline

zircote/.github

Create and manage content for blogs, social media, video, and newsletters. USE THIS SKILL when user says "create blog post", "write social post", "content calendar", "repurpose content", "video script", or needs content creation help.

2026-06-111

ecosystem-migration

zircote/.github

Migrate existing repositories to use Personal GitHub Ecosystem templates and patterns. USE THIS SKILL when user says "migrate to ecosystem", "adopt templates", "convert workflow", "upgrade CI", or wants to transition existing projects.

2026-06-111

name	security-baseline
description	Audit and implement security best practices for GitHub repositories. USE THIS SKILL when user says "security audit", "check security", "add gitleaks", "secret scanning", "dependency audit", or needs security hardening.
allowed-tools	["Bash","Read","Write","Edit","Glob","Grep"]

name	security-baseline
description	Audit and implement security best practices for GitHub repositories. USE THIS SKILL when user says "security audit", "check security", "add gitleaks", "secret scanning", "dependency audit", or needs security hardening.
allowed-tools	["Bash","Read","Write","Edit","Glob","Grep"]