Diablo_ClaudeMD_Ricing_example/skills/audit/SKILL.md
diablo 50fa79407d
CoM Claude Command Center — sanitized public configuration
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00


---
name: audit
description: Three-pass security audit pipeline. Aegis (SAST) → Specter (DAST) → Apex (synthesis). Use for security auditing any crate, directory, or the full workspace.
argument-hint: [scope: workspace|crate-name|red-team]
allowed-tools: Bash, Read, Grep, Glob, Agent
---
# /audit — CoM Multi-Pass Security Audit

You are executing the CoM three-pass security audit pipeline. This is a Pod A coordinated operation.

---
## PASS 1: Static Analysis (Aegis — The Sage)
Run the SAST pipeline against the target scope:
1. `cargo clippy --workspace --all-targets -- -D warnings` — lint analysis
2. `cargo deny check` — dependency policy compliance (deny.toml)
3. `cargo audit` — CVE scanning against RUSTSEC advisory database (if installed)
4. Inventory all `unsafe` blocks — document each with file, line, and justification status
5. Secret scan — verify no API keys, tokens, or credentials in staged/modified files
6. Review `red-team/synos-redteam/docs/ATTACK_SURFACE_MAP.md` for current attack surface
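
An added example for step 4 of Pass 1 (not part of the original skill file or the project's own tooling): it inventories `unsafe` sites with file, line, and justification status. It assumes a site counts as justified when a `// SAFETY:` comment or a `# Safety` rustdoc section sits on the same line or in the comment run directly above it; `scan_source`, `inventory`, and the sample input are names and data constructed here.

```python
import re
from pathlib import Path

# `unsafe` plus what it introduces: a block, fn, impl, trait or extern.
UNSAFE_RE = re.compile(r"\bunsafe\s*(\{|fn\b|impl\b|trait\b|extern\b)")
# Assumption: "justified" means a `// SAFETY:` comment or a `# Safety` rustdoc section.
JUSTIFIED_RE = re.compile(r"//[/!]?\s*(SAFETY:|#\s*Safety\b)", re.IGNORECASE)
# String literals and line comments are blanked first (block comments are not handled).
NOISE_RE = re.compile(r'"(?:\\.|[^"\\])*"|//.*$')


def scan_source(text, path="<memory>"):
    """Return one record per `unsafe` site: file, line, kind, status."""
    lines, findings = text.splitlines(), []
    for idx, raw in enumerate(lines):
        for m in UNSAFE_RE.finditer(NOISE_RE.sub("", raw)):
            justified = bool(JUSTIFIED_RE.search(raw))
            # Walk up the contiguous comment/attribute run directly above the site.
            j = idx - 1
            while not justified and j >= 0 and lines[j].strip().startswith(("//", "#[")):
                justified = bool(JUSTIFIED_RE.search(lines[j]))
                j -= 1
            findings.append({"file": str(path), "line": idx + 1,
                             "kind": "block" if m.group(1) == "{" else m.group(1),
                             "status": "justified" if justified else "UNJUSTIFIED"})
    return findings


def inventory(root):
    """Scan every .rs file under root, skipping build output in target/."""
    files = (p for p in sorted(Path(root).rglob("*.rs")) if "target" not in p.parts)
    return [f for p in files
            for f in scan_source(p.read_text(encoding="utf-8", errors="replace"), p)]


# Constructed sample input, not taken from any audited workspace.
SAMPLE = '''\
// SAFETY: ptr is non-null and aligned, checked by the caller above.
let v = unsafe { *ptr };
let w = unsafe { *other };  // no justification anywhere
/// # Safety
/// Caller must pass a valid file descriptor.
#[inline]
pub unsafe fn adopt_fd(fd: i32) {}
let msg = "unsafe { not code }"; // unsafe { also not code }
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.rs"):
        print(f"{f['file']}:{f['line']}  {f['kind']:<6} {f['status']}")
```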
Produce a **SAST Findings Report** with P0/P1/P2 classifications.

---
## PASS 2: Dynamic Analysis (Specter — The Outlaw)
Conduct DAST review of the same scope:
1. Map all entry points, interfaces, and trust boundaries in the target
2. Apply STRIDE threat model (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
3. Review sandbox isolation: namespace boundaries, cgroup limits, seccomp filters
4. Analyze privilege escalation paths from any compromised component
5. Check input validation logic for injection vectors (command, path traversal)
6. Cross-reference against the 17 attack vectors in `red-team/synos-redteam/src/sandbox.rs`

Produce a **DAST Findings Report** with attack vectors and remediation recommendations.

---
## PASS 3: Tech Lead Synthesis (Apex — The Magician)
Synthesize SAST + DAST findings into a final assessment:
1. Merge findings from Pass 1 and Pass 2, deduplicate
2. Classify combined severity:
   - **P0 (Critical):** Exploitable vulnerabilities, credential exposure, sandbox escape paths
   - **P1 (Important):** Unsafe code without justification, banned deps, failing deny check
   - **P2 (Advisory):** Clippy warnings, code smell, maintainability concerns
3. Assess technical debt impact of findings
4. Produce final audit report with action items assigned to Cipher

**Output location:** `docs/internal/security-audits/audit-[date].md`

---
## EXECUTION CONSTRAINTS
- On hardware with <= <ram> RAM (oracle): run passes **sequentially** (not parallel)
- On hardware with >= <ram> RAM (<node>): Pass 1 and Pass 2 may run in parallel
- All three passes must complete before the audit is considered done
- P0 findings require immediate escalation to CADevO/Ty — do not wait for synthesis
- The audit report must include an **Unknowns** section (what wasn't covered)
## SCOPE
If $ARGUMENTS is provided, audit that specific crate or directory:
- `/audit synos-lab-sandbox` → audit only `crates/synos-lab-sandbox/`
- `/audit workspace` → audit the full workspace
- `/audit red-team` → audit `red-team/synos-redteam/`

Default (no arguments): audit the full workspace.