V3 Security Overhaul
Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation.
How do I install this agent skill?
npx skills add https://github.com/ruvnet/ruflo --skill v3-security-overhaulIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill provides educational guidance and secure coding patterns for addressing common vulnerabilities, such as weak hashing, path traversal, and command injection. It references trusted packages and promotes security best practices.
- Socketpass
No alerts
- Snykpass
Risk: LOW · No issues
- Runlayerpass
1/1 file flagged
- ZeroLeakspass
1 finding · Score: 86/100
What does this agent skill do?
V3 Security Overhaul
What This Skill Does
Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.
Quick Start
# Initialize V3 security domain (parallel)
Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect")
Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor")
Task("Security testing", "Implement TDD London School security framework", "test-architect")
Critical Security Fixes
CVE-1: Vulnerable Dependencies
npm update @anthropic-ai$claude-code@^2.0.31
npm audit --audit-level high
CVE-2: Weak Password Hashing
// ❌ Old: SHA-256 with hardcoded salt
const hash = crypto.createHash('sha256').update(password + salt).digest('hex');
// ✅ New: bcrypt with 12 rounds
import bcrypt from 'bcrypt';
const hash = await bcrypt.hash(password, 12);
CVE-3: Hardcoded Credentials
// ✅ Generate secure random credentials
const apiKey = crypto.randomBytes(32).toString('hex');
Security Patterns
Input Validation (Zod)
import { z } from 'zod';
const TaskSchema = z.object({
taskId: z.string().uuid(),
content: z.string().max(10000),
agentType: z.enum(['security', 'core', 'integration'])
});
Path Sanitization
function securePath(userPath: string, allowedPrefix: string): string {
const resolved = path.resolve(allowedPrefix, userPath);
if (!resolved.startsWith(path.resolve(allowedPrefix))) {
throw new SecurityError('Path traversal detected');
}
return resolved;
}
Safe Command Execution
import { execFile } from 'child_process';
// ✅ Safe: No shell interpretation
const { stdout } = await execFile('git', [userInput], { shell: false });
Success Metrics
- Security Score: 90/100 (npm audit + custom scans)
- CVE Resolution: 100% of critical vulnerabilities fixed
- Test Coverage: >95% security-critical code
- Implementation: All secure patterns documented and tested
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/ruvnet/ruflo/v3-security-overhaul">View V3 Security Overhaul on skillZs</a>