skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
ruvnet/ruflo0 installs

V3 Security Overhaul

Complete security architecture overhaul for claude-flow v3. Addresses critical CVEs (CVE-1, CVE-2, CVE-3) and implements secure-by-default patterns. Use for security-first v3 implementation.

How do I install this agent skill?

npx skills add https://github.com/ruvnet/ruflo --skill v3-security-overhaul
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides educational guidance and secure coding patterns for addressing common vulnerabilities, such as weak hashing, path traversal, and command injection. It references trusted packages and promotes security best practices.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerpass

    1/1 file flagged

  • ZeroLeakspass

    1 finding · Score: 86/100

What does this agent skill do?

V3 Security Overhaul

What This Skill Does

Orchestrates comprehensive security overhaul for claude-flow v3, addressing critical vulnerabilities and establishing security-first development practices using specialized v3 security agents.

Quick Start

# Initialize V3 security domain (parallel)
Task("Security architecture", "Design v3 threat model and security boundaries", "v3-security-architect")
Task("CVE remediation", "Fix CVE-1, CVE-2, CVE-3 critical vulnerabilities", "security-auditor")
Task("Security testing", "Implement TDD London School security framework", "test-architect")

Critical Security Fixes

CVE-1: Vulnerable Dependencies

npm update @anthropic-ai$claude-code@^2.0.31
npm audit --audit-level high

CVE-2: Weak Password Hashing

// ❌ Old: SHA-256 with hardcoded salt
const hash = crypto.createHash('sha256').update(password + salt).digest('hex');

// ✅ New: bcrypt with 12 rounds
import bcrypt from 'bcrypt';
const hash = await bcrypt.hash(password, 12);

CVE-3: Hardcoded Credentials

// ✅ Generate secure random credentials
const apiKey = crypto.randomBytes(32).toString('hex');

Security Patterns

Input Validation (Zod)

import { z } from 'zod';

const TaskSchema = z.object({
  taskId: z.string().uuid(),
  content: z.string().max(10000),
  agentType: z.enum(['security', 'core', 'integration'])
});

Path Sanitization

function securePath(userPath: string, allowedPrefix: string): string {
  const resolved = path.resolve(allowedPrefix, userPath);
  if (!resolved.startsWith(path.resolve(allowedPrefix))) {
    throw new SecurityError('Path traversal detected');
  }
  return resolved;
}

Safe Command Execution

import { execFile } from 'child_process';

// ✅ Safe: No shell interpretation
const { stdout } = await execFile('git', [userInput], { shell: false });

Success Metrics

  • Security Score: 90/100 (npm audit + custom scans)
  • CVE Resolution: 100% of critical vulnerabilities fixed
  • Test Coverage: >95% security-critical code
  • Implementation: All secure patterns documented and tested

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/ruvnet/ruflo/v3-security-overhaul">View V3 Security Overhaul on skillZs</a>