MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Security Scanning Security Hardening

Security Scanning Security Hardening is an code AI skill with a core value of Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/security-scanning-security-hardening && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/security-scanning-security-hardening/SKILL.md -o ./skills/security-scanning-security-hardening/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

Implement comprehensive security hardening with defense-in-depth strategy through coordinated multi-agent orchestration:


[Extended thinking: This workflow implements a defense-in-depth security strategy across all application layers. It coordinates specialized security agents to perform comprehensive assessments, implement layered security controls, and establish continuous security monitoring. The approach follows modern DevSecOps principles with shift-left security, automated scanning, and compliance validation. Each phase builds upon previous findings to create a resilient security posture that addresses both current vulnerabilities and future threats.]


Use this skill when


- Running a coordinated security hardening program

- Establishing defense-in-depth controls across app, infra, and CI/CD

- Prioritizing remediation from scans and threat modeling


Do not use this skill when


- You only need a quick scan without remediation work

- You lack authorization for security testing or changes

- The environment cannot tolerate invasive security controls


Instructions


1. Execute Phase 1 to establish a security baseline.

2. Apply Phase 2 remediations for high-risk issues.

3. Implement Phase 3 controls and validate defenses.

4. Complete Phase 4 validation and compliance checks.


Safety


- Avoid intrusive testing in production without approval.

- Ensure rollback plans exist before hardening changes.


Phase 1: Comprehensive Security Assessment


1. Initial Vulnerability Scanning

- Use Task tool with subagent_type="security-auditor"

- Prompt: "Perform comprehensive security assessment on: $ARGUMENTS. Execute SAST analysis with Semgrep/SonarQube, DAST scanning with OWASP ZAP, dependency audit with Snyk/Trivy, secrets detection with GitLeaks/TruffleHog. Generate SBOM for supply chain analysis. Identify OWASP Top 10 vulnerabilities, CWE weaknesses, and CVE exposures."

- Output: Detailed vulnerability report with CVSS scores, exploitability analysis, attack surface mapping, secrets exposure report, SBOM inventory

- Context: Initial baseline for all remediation efforts


2. Threat Modeling and Risk Analysis

- Use Task tool with subagent_type="security-auditor"

- Prompt: "Conduct threat modeling using STRIDE methodology for: $ARGUMENTS. Analyze attack vectors, create attack trees, assess business impact of identified vulnerabilities. Map threats to MITRE ATT&CK framework. Prioritize risks based on likelihood and impact."

- Output: Threat model diagrams, risk matrix with prioritized vulnerabilities, attack scenario documentation, business impact analysis

- Context: Uses vulnerability scan results to inform threat priorities


3. Architecture Security Review

- Use Task tool with subagent_type="backend-api-security::backend-architect"

- Prompt: "Review architecture for security weaknesses in: $ARGUMENTS. Evaluate service boundaries, data flow security, authentication/authorization architecture, encryption implementation, network segmentation. Design zero-trust architecture patterns. Reference threat model and vulnerability findings."

- Output: Security architecture assessment, zero-trust design recommendations, service mesh security requirements, data classification matrix

- Context: Incorporates threat model to address architectural vulnerabilities


Phase 2: Vulnerability Remediation


4. Critical Vulnerability Fixes

- Use Task tool with subagent_type="security-auditor"

- Prompt: "Coordinate immediate remediation of critical vulnerabilities (CVSS 7+) in: $ARGUMENTS. Fix SQL injections with parameterized queries, XSS with output encoding, authentication bypasses with secure session management, insecure deserialization with input validation. Apply security patches for CVEs."

- Output: Patched code with vulnerability fixes, security patch documentation, regression test requirements

- Context: Addresses high-priority items from vulnerability assessment


5. Backend Security Hardening

- Use Task tool with subagent

🎯 Best For

  • Security auditors
  • DevSecOps teams
  • Compliance officers
  • Claude users
  • Software engineers

💡 Use Cases

  • Auditing dependencies for known CVEs
  • Scanning API endpoints for auth gaps
  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Security Scanning Security Hardening to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Can this replace a dedicated SAST tool?

AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.

Is Security Scanning Security Hardening compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Security Scanning Security Hardening?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Security Scanning Security Hardening?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/security-scanning-security-hardening/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Only scanning surface-level issues

Deep security review requires understanding your app architecture, not just regex patterns.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills