{"id":"d5685d69-2ce8-44f9-990d-6bc770d512a8","shortId":"SfzXZm","kind":"skill","title":"senior-secops","tagline":"Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding ","description":"# Senior SecOps Engineer\n\nComplete toolkit for Security Operations including vulnerability management, compliance verification, secure coding practices, and security automation.\n\n---\n\n## Table of Contents\n\n- [Core Capabilities](#core-capabilities)\n- [Workflows](#workflows)\n- [Tool Reference](#tool-reference)\n- [Security Standards](#security-standards)\n- [Compliance Frameworks](#compliance-frameworks)\n- [Best Practices](#best-practices)\n\n---\n\n## Core Capabilities\n\n### 1. Security Scanner\n\nScan source code for security vulnerabilities including hardcoded secrets, SQL injection, XSS, command injection, and path traversal.\n\n```bash\n# Scan project for security issues\npython scripts/security_scanner.py /path/to/project\n\n# Filter by severity\npython scripts/security_scanner.py /path/to/project --severity high\n\n# JSON output for CI/CD\npython scripts/security_scanner.py /path/to/project --json --output report.json\n```\n\n**Detects:**\n- Hardcoded secrets (API keys, passwords, AWS credentials, GitHub tokens, private keys)\n- SQL injection patterns (string concatenation, f-strings, template literals)\n- XSS vulnerabilities (innerHTML assignment, unsafe DOM manipulation, React unsafe patterns)\n- Command injection (shell=True, exec, eval with user input)\n- Path traversal (file operations with user input)\n\n### 2. Vulnerability Assessor\n\nScan dependencies for known CVEs across npm, Python, and Go ecosystems.\n\n```bash\n# Assess project dependencies\npython scripts/vulnerability_assessor.py /path/to/project\n\n# Critical/high only\npython scripts/vulnerability_assessor.py /path/to/project --severity high\n\n# Export vulnerability report\npython scripts/vulnerability_assessor.py /path/to/project --json --output vulns.json\n```\n\n**Scans:**\n- `package.json` and `package-lock.json` (npm)\n- `requirements.txt` and `pyproject.toml` (Python)\n- `go.mod` (Go)\n\n**Output:**\n- CVE IDs with CVSS scores\n- Affected package versions\n- Fixed versions for remediation\n- Overall risk score (0-100)\n\n### 3. Compliance Checker\n\nVerify security compliance against SOC 2, PCI-DSS, HIPAA, and GDPR frameworks.\n\n```bash\n# Check all frameworks\npython scripts/compliance_checker.py /path/to/project\n\n# Specific framework\npython scripts/compliance_checker.py /path/to/project --framework soc2\npython scripts/compliance_checker.py /path/to/project --framework pci-dss\npython scripts/compliance_checker.py /path/to/project --framework hipaa\npython scripts/compliance_checker.py /path/to/project --framework gdpr\n\n# Export compliance report\npython scripts/compliance_checker.py /path/to/project --json --output compliance.json\n```\n\n**Verifies:**\n- Access control implementation\n- Encryption at rest and in transit\n- Audit logging\n- Authentication strength (MFA, password hashing)\n- Security documentation\n- CI/CD security controls\n\n---\n\n## Workflows\n\n### Workflow 1: Security Audit\n\nComplete security assessment of a codebase.\n\n```bash\n# Step 1: Scan for code vulnerabilities\npython scripts/security_scanner.py . --severity medium\n# STOP if exit code 2 — resolve critical findings before continuing\n```\n\n```bash\n# Step 2: Check dependency vulnerabilities\npython scripts/vulnerability_assessor.py . --severity high\n# STOP if exit code 2 — patch critical CVEs before continuing\n```\n\n```bash\n# Step 3: Verify compliance controls\npython scripts/compliance_checker.py . --framework all\n# STOP if exit code 2 — address critical gaps before proceeding\n```\n\n```bash\n# Step 4: Generate combined reports\npython scripts/security_scanner.py . --json --output security.json\npython scripts/vulnerability_assessor.py . --json --output vulns.json\npython scripts/compliance_checker.py . --json --output compliance.json\n```\n\n### Workflow 2: CI/CD Security Gate\n\nIntegrate security checks into deployment pipeline.\n\n```yaml\n# .github/workflows/security.yml\nname: \"security-scan\"\n\non:\n  pull_request:\n    branches: [main, develop]\n\njobs:\n  security-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: \"set-up-python\"\n        uses: actions/setup-python@v5\n        with:\n          python-version: '3.11'\n\n      - name: \"security-scanner\"\n        run: python scripts/security_scanner.py . --severity high\n\n      - name: \"vulnerability-assessment\"\n        run: python scripts/vulnerability_assessor.py . --severity critical\n\n      - name: \"compliance-check\"\n        run: python scripts/compliance_checker.py . --framework soc2\n```\n\nEach step fails the pipeline on its respective exit code — no deployment proceeds past a critical finding.\n\n### Workflow 3: CVE Triage\n\nRespond to a new CVE affecting your application.\n\n```\n1. ASSESS (0-2 hours)\n   - Identify affected systems using vulnerability_assessor.py\n   - Check if CVE is being actively exploited\n   - Determine CVSS environmental score for your context\n   - STOP if CVSS 9.0+ on internet-facing system — escalate immediately\n\n2. PRIORITIZE\n   - Critical (CVSS 9.0+, internet-facing): 24 hours\n   - High (CVSS 7.0-8.9): 7 days\n   - Medium (CVSS 4.0-6.9): 30 days\n   - Low (CVSS < 4.0): 90 days\n\n3. REMEDIATE\n   - Update affected dependency to fixed version\n   - Run security_scanner.py to verify fix (must return exit code 0)\n   - STOP if scanner still flags the CVE — do not deploy\n   - Test for regressions\n   - Deploy with enhanced monitoring\n\n4. VERIFY\n   - Re-run vulnerability_assessor.py\n   - Confirm CVE no longer reported\n   - Document remediation actions\n```\n\n### Workflow 4: Incident Response\n\nSecurity incident handling procedure.\n\n```\nPHASE 1: DETECT & IDENTIFY (0-15 min)\n- Alert received and acknowledged\n- Initial severity assessment (SEV-1 to SEV-4)\n- Incident commander assigned\n- Communication channel established\n\nPHASE 2: CONTAIN (15-60 min)\n- Affected systems identified\n- Network isolation if needed\n- Credentials rotated if compromised\n- Preserve evidence (logs, memory dumps)\n\nPHASE 3: ERADICATE (1-4 hours)\n- Root cause identified\n- Malware/backdoors removed\n- Vulnerabilities patched (run security_scanner.py; must return exit code 0)\n- Systems hardened\n\nPHASE 4: RECOVER (4-24 hours)\n- Systems restored from clean backup\n- Services brought back online\n- Enhanced monitoring enabled\n- User access restored\n\nPHASE 5: POST-INCIDENT (24-72 hours)\n- Incident timeline documented\n- Root cause analysis complete\n- Lessons learned documented\n- Preventive measures implemented\n- Stakeholder report delivered\n```\n\n---\n\n## Tool Reference\n\n### security_scanner.py\n\n| Option | Description |\n|--------|-------------|\n| `target` | Directory or file to scan |\n| `--severity, -s` | Minimum severity: critical, high, medium, low |\n| `--verbose, -v` | Show files as they're scanned |\n| `--json` | Output results as JSON |\n| `--output, -o` | Write results to file |\n\n**Exit Codes:** `0` = no critical/high findings · `1` = high severity findings · `2` = critical severity findings\n\n### vulnerability_assessor.py\n\n| Option | Description |\n|--------|-------------|\n| `target` | Directory containing dependency files |\n| `--severity, -s` | Minimum severity: critical, high, medium, low |\n| `--verbose, -v` | Show files as they're scanned |\n| `--json` | Output results as JSON |\n| `--output, -o` | Write results to file |\n\n**Exit Codes:** `0` = no critical/high vulnerabilities · `1` = high severity vulnerabilities · `2` = critical severity vulnerabilities\n\n### compliance_checker.py\n\n| Option | Description |\n|--------|-------------|\n| `target` | Directory to check |\n| `--framework, -f` | Framework: soc2, pci-dss, hipaa, gdpr, all |\n| `--verbose, -v` | Show checks as they run |\n| `--json` | Output results as JSON |\n| `--output, -o` | Write results to file |\n\n**Exit Codes:** `0` = compliant (90%+ score) · `1` = non-compliant (50-69% score) · `2` = critical gaps (<50% score)\n\n---\n\n## Security Standards\n\nSee `references/security_standards.md` for OWASP Top 10 full guidance, secure coding standards, authentication requirements, and API security controls.\n\n### Secure Coding Checklist\n\n```markdown\n## Input Validation\n- [ ] Validate all input on server side\n- [ ] Use allowlists over denylists\n- [ ] Sanitize for specific context (HTML, SQL, shell)\n\n## Output Encoding\n- [ ] HTML encode for browser output\n- [ ] URL encode for URLs\n- [ ] JavaScript encode for script contexts\n\n## Authentication\n- [ ] Use bcrypt/argon2 for passwords\n- [ ] Implement MFA for sensitive operations\n- [ ] Enforce strong password policy\n\n## Session Management\n- [ ] Generate secure random session IDs\n- [ ] Set HttpOnly, Secure, SameSite flags\n- [ ] Implement session timeout (15 min idle)\n\n## Error Handling\n- [ ] Log errors with context (no secrets)\n- [ ] Return generic messages to users\n- [ ] Never expose stack traces in production\n\n## Secrets Management\n- [ ] Use environment variables or secrets manager\n- [ ] Never commit secrets to version control\n- [ ] Rotate credentials regularly\n```\n\n---\n\n## Compliance Frameworks\n\nSee `references/compliance_requirements.md` for full control mappings. Run `compliance_checker.py` to verify the controls below:\n\n### SOC 2 Type II\n- **CC6** Logical Access: authentication, authorization, MFA\n- **CC7** System Operations: monitoring, logging, incident response\n- **CC8** Change Management: CI/CD, code review, deployment controls\n\n### PCI-DSS v4.0\n- **Req 3/4**: Encryption at rest and in transit (TLS 1.2+)\n- **Req 6**: Secure development (input validation, secure coding)\n- **Req 8**: Strong authentication (MFA, password policy)\n- **Req 10/11**: Audit logging, SAST/DAST/penetration testing\n\n### HIPAA Security Rule\n- Unique user IDs and audit trails for PHI access (164.312(a)(1), 164.312(b))\n- MFA for person/entity authentication (164.312(d))\n- Transmission encryption via TLS (164.312(e)(1))\n\n### GDPR\n- **Art 25/32**: Privacy by design, encryption, pseudonymization\n- **Art 33**: Breach notification within 72 hours\n- **Art 17/20**: Right to erasure and data portability\n\n---\n\n## Best Practices\n\n### Secrets Management\n\n```python\n# BAD: Hardcoded secret\nAPI_KEY = \"sk-1234567890abcdef\"\n\n# GOOD: Environment variable\nimport os\nAPI_KEY = os.environ.get(\"API_KEY\")\n\n# BETTER: Secrets manager\nfrom your_vault_client import get_secret\nAPI_KEY = get_secret(\"api/key\")\n```\n\n### SQL Injection Prevention\n\n```python\n# BAD: String concatenation\nquery = f\"SELECT * FROM users WHERE id = {user_id}\"\n\n# GOOD: Parameterized query\ncursor.execute(\"SELECT * FROM users WHERE id = %s\", (user_id,))\n```\n\n### XSS Prevention\n\n```javascript\n// BAD: Direct innerHTML assignment is vulnerable\n// GOOD: Use textContent (auto-escaped)\nelement.textContent = userInput;\n\n// GOOD: Use sanitization library for HTML\nimport DOMPurify from 'dompurify';\nconst safeHTML = DOMPurify.sanitize(userInput);\n```\n\n### Authentication\n\n```javascript\n// Password hashing\nconst bcrypt = require('bcrypt');\nconst SALT_ROUNDS = 12;\n\n// Hash password\nconst hash = await bcrypt.hash(password, SALT_ROUNDS);\n\n// Verify password\nconst match = await bcrypt.compare(password, hash);\n```\n\n### Security Headers\n\n```javascript\n// Express.js security headers\nconst helmet = require('helmet');\napp.use(helmet());\n\n// Or manually set headers:\napp.use((req, res, next) => {\n  res.setHeader('X-Content-Type-Options', 'nosniff');\n  res.setHeader('X-Frame-Options', 'DENY');\n  res.setHeader('X-XSS-Protection', '1; mode=block');\n  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');\n  res.setHeader('Content-Security-Policy', \"default-src 'self'\");\n  next();\n});\n```\n\n---\n\n## OWASP Top 10 Quick-Check\n\nRapid 15-minute assessment — run through each category and note pass/fail. For deep-dive testing, hand off to the **security-pen-testing** skill.\n\n| # | Category | One-Line Check |\n|---|----------|----------------|\n| A01 | Broken Access Control | Verify role checks on every endpoint; test horizontal privilege escalation |\n| A02 | Cryptographic Failures | Confirm TLS 1.2+ everywhere; no secrets in logs or source |\n| A03 | Injection | Run parameterized query audit; check ORM raw-query usage |\n| A04 | Insecure Design | Review threat model exists for critical flows |\n| A05 | Security Misconfiguration | Check default credentials removed; error pages generic |\n| A06 | Vulnerable Components | Run `vulnerability_assessor.py`; zero critical/high CVEs |\n| A07 | Auth Failures | Verify MFA on admin; brute-force protection active |\n| A08 | Software & Data Integrity | Confirm CI/CD pipeline signs artifacts; no unsigned deps |\n| A09 | Logging & Monitoring | Validate audit logs capture auth events; alerts configured |\n| A10 | SSRF | Test internal URL filters; block metadata endpoints (169.254.169.254) |\n\n> **Deep dive needed?** Hand off to `security-pen-testing` for full OWASP Testing Guide coverage.\n\n---\n\n## Secret Scanning Tools\n\nChoose the right scanner for each stage of your workflow:\n\n| Tool | Best For | Language | Pre-commit | CI/CD | Custom Rules |\n|------|----------|----------|:----------:|:-----:|:------------:|\n| **gitleaks** | CI pipelines, full-repo scans | Go | Yes | Yes | TOML regexes |\n| **detect-secrets** | Pre-commit hooks, incremental | Python | Yes | Partial | Plugin-based |\n| **truffleHog** | Deep history scans, entropy | Go | No | Yes | Regex + entropy |\n\n**Recommended setup:** Use `detect-secrets` as a pre-commit hook (catches secrets before they enter history) and `gitleaks` in CI (catches anything that slips through).\n\n```bash\n# detect-secrets pre-commit hook (.pre-commit-config.yaml)\n- repo: https://github.com/Yelp/detect-secrets\n  rev: v1.4.0\n  hooks:\n    - id: detect-secrets\n      args: ['--baseline', '.secrets.baseline']\n\n# gitleaks in GitHub Actions\n- name: gitleaks\n  uses: gitleaks/gitleaks-action@v2\n  env:\n    GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}\n```\n\n---\n\n## Supply Chain Security\n\nProtect against dependency and artifact tampering with SBOM generation, artifact signing, and SLSA compliance.\n\n**SBOM Generation:**\n- **syft** — generates SBOMs from container images or source dirs (SPDX, CycloneDX formats)\n- **cyclonedx-cli** — CycloneDX-native tooling; merge multiple SBOMs for mono-repos\n\n```bash\n# Generate SBOM from container image\nsyft packages ghcr.io/org/app:latest -o cyclonedx-json > sbom.json\n```\n\n**Artifact Signing (Sigstore/cosign):**\n```bash\n# Sign a container image (keyless via OIDC)\ncosign sign ghcr.io/org/app:latest\n# Verify signature\ncosign verify ghcr.io/org/app:latest --certificate-identity=ci@org.com --certificate-oidc-issuer=https://token.actions.githubusercontent.com\n```\n\n**SLSA Levels Overview:**\n| Level | Requirement | What It Proves |\n|-------|-------------|----------------|\n| 1 | Build process documented | Provenance exists |\n| 2 | Hosted build service, signed provenance | Tamper-resistant provenance |\n| 3 | Hardened build platform, non-falsifiable provenance | Tamper-proof build |\n| 4 | Two-party review, hermetic builds | Maximum supply-chain assurance |\n\n> **Cross-references:** `security-pen-testing` (vulnerability exploitation testing), `dependency-auditor` (license and CVE audit for dependencies).\n\n---\n\n## Reference Documentation\n\n| Document | Description |\n|----------|-------------|\n| `references/security_standards.md` | OWASP Top 10, secure coding, authentication, API security |\n| `references/vulnerability_management_guide.md` | CVE triage, CVSS scoring, remediation workflows |\n| `references/compliance_requirements.md` | SOC 2, PCI-DSS, HIPAA, GDPR full control mappings |","tags":["senior","secops","atlasclaw","providers","cloudchef","agent-skills","agentic-workflow","ai-integration","openclaw"],"capabilities":["skill","source-cloudchef","skill-senior-secops","topic-agent-skills","topic-agentic-workflow","topic-ai-integration","topic-openclaw"],"categories":["atlasclaw-providers"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/CloudChef/atlasclaw-providers/senior-secops","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add CloudChef/atlasclaw-providers","source_repo":"https://github.com/CloudChef/atlasclaw-providers","install_from":"skills.sh"}},"qualityScore":"0.455","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 10 github stars · SKILL.md body (15,350 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:08:23.774Z","embedding":null,"createdAt":"2026-05-09T01:05:33.804Z","updatedAt":"2026-05-18T19:08:23.774Z","lastSeenAt":"2026-05-18T19:08:23.774Z","tsv":"'-1':658 '-100':246 '-15':648 '-2':527 '-24':716 '-4':661,694 '-6.9':578 '-60':672 '-69':904 '-72':739 '-8.9':572 '/org/app:latest':1694,1715,1722 '/path/to/project':114,120,129,201,206,214,269,274,279,286,291,299 '/yelp/detect-secrets':1614 '0':245,526,603,647,709,797,846,895 '1':86,327,338,524,644,693,801,850,899,1126,1141,1329,1740 '1.2':1090,1407 '10':918,1354,1806 '10/11':1107 '12':1273 '1234567890abcdef':1177 '15':671,998,1359 '164.312':1124,1127,1133,1139 '169.254.169.254':1499 '17/20':1158 '2':181,255,351,359,371,391,419,559,669,805,854,906,1053,1746,1821 '24':567,738 '25/32':1144 '3':247,379,513,586,691,1756 '3.11':467 '3/4':1082 '30':579 '31536000':1340 '33':1151 '4':399,621,636,713,715,1768 '4.0':577,583 '5':734 '50':903,909 '6':1092 '7':573 '7.0':571 '72':1155 '8':1100 '9.0':551,563 '90':584,897 'a01':1388 'a02':1402 'a03':1415 'a04':1427 'a05':1437 'a06':1447 'a07':1455 'a08':1467 'a09':1479 'a10':1490 'access':304,731,1058,1123,1390 'acknowledg':653 'across':189 'action':634,1628 'actions/checkout':453 'actions/setup-python':461 'activ':539,1466 'address':392 'admin':1461 'affect':235,521,530,589,674 'age':1339 'alert':650,1488 'allowlist':943 'analysi':746 'anyth':1598 'api':136,927,1173,1183,1186,1198,1810 'api/key':1202 'app.use':1301,1307 'applic':9,523 'arg':1622 'art':1143,1150,1157 'artifact':1475,1646,1651,1700 'assess':196,332,480,525,656,1361 'assessor':183 'assign':158,664,1237 'assur':1779 'audit':313,329,1108,1119,1420,1483,1796 'auditor':1792 'auth':1456,1486 'authent':315,924,969,1059,1102,1132,1262,1809 'author':1060 'auto':1244 'auto-escap':1243 'autom':53 'aw':139 'await':1278,1287 'b':1128 'back':725 'backup':722 'bad':1170,1207,1234 'base':1564 'baselin':1623 'bash':106,195,263,336,357,377,397,1602,1684,1703 'bcrypt':1267,1269 'bcrypt.compare':1288 'bcrypt.hash':1279 'bcrypt/argon2':971 'best':79,82,1165,1530 'best-practic':81 'better':1188 'block':1331,1496 'branch':438 'breach':1152 'broken':1389 'brought':724 'browser':958 'brute':1463 'brute-forc':1462 'build':1741,1748,1758,1767,1774 'capabl':58,61,85 'captur':1485 'catch':1587,1597 'categori':1365,1383 'caus':697,745 'cc6':1056 'cc7':1062 'cc8':1069 'certif':1724,1728 'certificate-ident':1723 'certificate-oidc-issu':1727 'chain':1640,1778 'chang':1070 'channel':666 'check':26,264,360,425,489,534,864,878,1357,1387,1394,1421,1440 'checker':249 'checklist':932 'choos':1519 'ci':1540,1596 'ci/cd':126,322,420,1072,1472,1536 'ci@org.com':1726 'clean':721 'cli':1672 'client':1194 'code':34,49,91,341,350,370,390,504,602,708,796,845,894,922,931,1073,1098,1808 'codebas':335 'combin':401 'command':101,165,663 'commit':1029,1535,1556,1585,1608 'communic':665 'complet':38,330,747 'complianc':13,46,74,77,248,252,295,381,488,1037,1655 'compliance-check':487 'compliance-framework':76 'compliance.json':302,417 'compliance_checker.py':858,1046 'compliant':896,902 'compon':1449 'compromis':684 'concaten':149,1209 'configur':1489 'confirm':627,1405,1471 'const':1258,1266,1270,1276,1285,1297 'contain':670,814,1662,1688,1706 'content':56,1314,1344 'content-security-polici':1343 'context':547,949,968,1006 'continu':356,376 'control':305,324,382,929,1033,1043,1050,1076,1391,1828 'core':57,60,84 'core-cap':59 'cosign':1711,1718 'coverag':1515 'creat':29 'credenti':140,681,1035,1442 'critic':353,373,393,485,510,561,772,806,821,855,907,1435 'critical/high':202,799,848,1453 'cross':1781 'cross-refer':1780 'cryptograph':1403 'cursor.execute':1222 'custom':1537 'cve':23,230,514,520,536,610,628,1795,1813 'cves':188,374,1454 'cvss':233,542,550,562,570,576,582,1815 'cyclonedx':1668,1671,1674,1697 'cyclonedx-c':1670 'cyclonedx-json':1696 'cyclonedx-n':1673 'd':1134 'data':1163,1469 'day':574,580,585 'deep':1371,1500,1566 'deep-div':1370 'default':1348,1441 'default-src':1347 'deliv':756 'deni':1323 'denylist':945 'dep':1478 'depend':27,185,198,361,590,815,1644,1791,1798 'dependency-auditor':1790 'deploy':427,506,613,617,1075 'descript':761,811,860,1802 'design':1147,1429 'detect':133,645,1552,1579,1604,1620 'detect-secret':1551,1578,1603,1619 'determin':541 'develop':17,440,1094 'dir':1666 'direct':1235 'directori':763,813,862 'dive':1372,1501 'document':321,632,743,750,1743,1800,1801 'dom':160 'dompurifi':1255,1257 'dompurify.sanitize':1260 'dss':258,283,871,1079,1824 'dump':689 'e':1140 'ecosystem':194 'element.textcontent':1246 'enabl':729 'encod':954,956,961,965 'encrypt':307,1083,1136,1148 'endpoint':1397,1498 'enforc':32,979 'engin':6,37 'enhanc':619,727 'enter':1591 'entropi':1569,1574 'env':1634 'environ':1023,1179 'environment':543 'erad':692 'erasur':1161 'error':1001,1004,1444 'escal':557,1401 'escap':1245 'establish':667 'eval':170 'event':1487 'everi':1396 'everywher':1408 'evid':686 'exec':169 'exist':1433,1745 'exit':349,369,389,503,601,707,795,844,893 'exploit':540,1788 'export':209,294 'expos':1015 'express.js':1294 'f':151,866,1211 'f-string':150 'face':555,566 'fail':497 'failur':1404,1457 'falsifi':1762 'file':176,765,779,794,816,828,843,892 'filter':115,1495 'find':354,511,800,804,808 'fix':238,592,598 'flag':608,994 'flow':1436 'forc':1464 'format':1669 'frame':1321 'framework':75,78,262,266,271,275,280,287,292,385,493,865,867,1038 'full':919,1042,1511,1543,1827 'full-repo':1542 'gap':394,908 'gate':422 'gdpr':261,293,873,1142,1826 'generat':22,400,985,1650,1657,1659,1685 'generic':1010,1446 'get':1196,1200 'ghcr.io':1693,1714,1721 'ghcr.io/org/app:latest':1692,1713,1720 'github':141,1627 'github.com':1613 'github.com/yelp/detect-secrets':1612 'github/workflows/security.yml':430 'gitleak':1539,1594,1625,1630,1635 'gitleaks/gitleaks-action':1632 'go':193,228,1546,1570 'go.mod':227 'good':1178,1219,1240,1248 'guid':1514 'guidanc':920 'hand':1374,1503 'handl':641,1002 'hardcod':96,134,1171 'harden':711,1757 'hash':319,1265,1274,1277,1290 'header':1292,1296,1306 'helmet':1298,1300,1302 'hermet':1773 'high':122,208,366,476,569,773,802,822,851 'hipaa':259,288,872,1112,1825 'histori':1567,1592 'hook':1557,1586,1609,1617 'horizont':1399 'host':1747 'hour':528,568,695,717,740,1156 'html':950,955,1253 'httpon':991 'id':231,989,1117,1216,1218,1227,1230,1618 'ident':1725 'identifi':529,646,676,698 'idl':1000 'ii':1055 'imag':1663,1689,1707 'immedi':558 'implement':306,753,974,995 'import':1181,1195,1254 'incid':637,640,662,737,741,1067 'includ':43,95 'includesubdomain':1341 'increment':1558 'initi':654 'inject':99,102,146,166,1204,1416 'innerhtml':157,1236 'input':173,180,934,938,1095 'insecur':1428 'integr':423,1470 'intern':1493 'internet':554,565 'internet-fac':553,564 'isol':678 'issu':111 'issuer':1730 'javascript':964,1233,1263,1293 'job':441 'json':123,130,215,300,405,410,415,784,788,833,837,882,886,1698 'key':137,144,1174,1184,1187,1199 'keyless':1708 'known':187 'languag':1532 'latest':450 'learn':749 'lesson':748 'level':1733,1735 'librari':1251 'licens':1636,1638,1793 'line':1386 'liter':154 'log':314,687,1003,1066,1109,1412,1480,1484 'logic':1057 'longer':630 'low':581,775,824 'main':439 'malware/backdoors':699 'manag':12,45,984,1021,1027,1071,1168,1190 'manipul':161 'manual':1304 'map':1044,1829 'markdown':933 'match':1286 'max':1338 'max-ag':1337 'maximum':1775 'measur':752 'medium':346,575,774,823 'memori':688 'merg':1677 'messag':1011 'metadata':1497 'mfa':317,975,1061,1103,1129,1459 'min':649,673,999 'minimum':770,819 'minut':1360 'misconfigur':1439 'mode':1330 'model':1432 'monitor':620,728,1065,1481 'mono':1682 'mono-repo':1681 'multipl':1678 'must':599,705 'name':431,455,468,477,486,1629 'nativ':1675 'need':680,1502 'network':677 'never':1014,1028 'new':519 'next':1310,1351 'non':901,1761 'non-compli':900 'non-falsifi':1760 'nosniff':1317 'note':1367 'notif':1153 'npm':190,222 'o':790,839,888,1695 'oidc':1710,1729 'one':1385 'one-lin':1384 'onlin':726 'oper':42,177,978,1064 'option':760,810,859,1316,1322 'orm':1422 'os':1182 'os.environ.get':1185 'output':124,131,216,229,301,406,411,416,785,789,834,838,883,887,953,959 'overal':242 'overview':1734 'owasp':916,1352,1512,1804 'packag':236,1691 'package-lock.json':221 'package.json':219 'page':1445 'parameter':1220,1418 'parti':1771 'partial':1561 'pass/fail':1368 'password':138,318,973,981,1104,1264,1275,1280,1284,1289 'past':508 'patch':372,702 'path':104,174 'pattern':147,164 'pci':257,282,870,1078,1823 'pci-dss':256,281,869,1077,1822 'pen':1380,1508,1785 'person/entity':1131 'phase':643,668,690,712,733 'phi':1122 'pipelin':428,499,1473,1541 'plan':25 'platform':1759 'plugin':1563 'plugin-bas':1562 'polici':31,982,1105,1346 'portabl':1164 'post':736 'post-incid':735 'practic':18,50,80,83,1166 'pre':1534,1555,1584,1607 'pre-commit':1533,1554,1583,1606 'pre-commit-config.yaml':1610 'preserv':685 'prevent':751,1205,1232 'priorit':560 'privaci':1145 'privat':143 'privileg':1400 'procedur':642 'proceed':396,507 'process':1742 'product':1019 'project':108,197 'proof':1766 'protect':1328,1465,1642 'prove':1739 'proven':1744,1751,1755,1763 'pseudonym':1149 'pull':436 'pyproject.toml':225 'python':112,118,127,191,199,204,212,226,267,272,277,284,289,297,343,363,383,403,408,413,459,465,473,482,491,1169,1206,1559 'python-vers':464 'queri':1210,1221,1419,1425 'quick':1356 'quick-check':1355 'random':987 'rapid':1358 'raw':1424 'raw-queri':1423 're':624,782,831 're-run':623 'react':162 'receiv':651 'recommend':1575 'recov':714 'refer':65,68,758,1782,1799 'references/compliance_requirements.md':1040,1819 'references/security_standards.md':914,1803 'references/vulnerability_management_guide.md':1812 'regex':1550,1573 'regress':616 'regular':1036 'remedi':24,241,587,633,1817 'remov':700,1443 'repo':1544,1611,1683 'report':211,296,402,631,755 'report.json':132 'req':1081,1091,1099,1106,1308 'request':437 'requir':925,1268,1299,1736 'requirements.txt':223 'res':1309 'res.setheader':1311,1318,1324,1332,1342 'resist':1754 'resolv':352 'respect':502 'respond':516 'respons':638,1068 'rest':309,1085 'restor':719,732 'result':786,792,835,841,884,890 'return':600,706,1009 'rev':1615 'review':1074,1430,1772 'right':1159,1521 'risk':243 'role':1393 'root':696,744 'rotat':682,1034 'round':1272,1282 'rule':1114,1538 'run':19,446,472,481,490,594,625,703,881,1045,1362,1417,1450 'runs-on':445 'safehtml':1259 'salt':1271,1281 'samesit':993 'sanit':946,1250 'sast/dast':20 'sast/dast/penetration':1110 'sbom':1649,1656,1660,1679,1686 'sbom.json':1699 'scan':21,89,107,184,218,339,434,444,767,783,832,1517,1545,1568 'scanner':88,471,606,1522 'score':234,244,544,898,905,910,1816 'script':967 'scripts/compliance_checker.py':268,273,278,285,290,298,384,414,492 'scripts/security_scanner.py':113,119,128,344,404,474 'scripts/vulnerability_assessor.py':200,205,213,364,409,483 'secop':3,5,36 'secret':97,135,1008,1020,1026,1030,1167,1172,1189,1197,1201,1410,1516,1553,1580,1588,1605,1621 'secrets.baseline':1624 'secrets.gitleaks':1637 'secur':10,16,30,33,41,48,52,69,72,87,93,110,251,320,323,328,331,421,424,433,443,470,639,911,921,928,930,986,992,1093,1097,1113,1291,1295,1336,1345,1379,1438,1507,1641,1784,1807,1811 'security-pen-test':1378,1506,1783 'security-scan':432,442 'security-scann':469 'security-standard':71 'security.json':407 'security_scanner.py':595,704,759 'see':913,1039 'select':1212,1223 'self':1350 'senior':2,4,35 'senior-secop':1 'sensit':977 'server':940 'servic':723,1749 'session':983,988,996 'set':457,990,1305 'set-up-python':456 'setup':1576 'sev':657,660 'sever':117,121,207,345,365,475,484,655,768,771,803,807,817,820,852,856 'shell':167,952 'show':778,827,877 'side':941 'sign':1474,1652,1701,1704,1712,1750 'signatur':1717 'sigstore/cosign':1702 'sk':1176 'sk-1234567890abcdef':1175 'skill':7,1382 'skill-senior-secops' 'slip':1600 'slsa':1654,1732 'soc':254,1052,1820 'soc2':276,494,868 'softwar':1468 'sourc':90,1414,1665 'source-cloudchef' 'spdx':1667 'specif':270,948 'sql':98,145,951,1203 'src':1349 'ssrf':1491 'stack':1016 'stage':1525 'stakehold':754 'standard':70,73,912,923 'step':337,358,378,398,451,496 'still':607 'stop':347,367,387,548,604 'strength':316 'strict':1334 'strict-transport-secur':1333 'string':148,152,1208 'strong':980,1101 'suppli':1639,1777 'supply-chain':1776 'syft':1658,1690 'system':531,556,675,710,718,1063 'tabl':54 'tamper':1647,1753,1765 'tamper-proof':1764 'tamper-resist':1752 'target':762,812,861 'templat':153 'test':614,1111,1373,1381,1398,1492,1509,1513,1786,1789 'textcont':1242 'threat':1431 'timelin':742 'timeout':997 'tls':1089,1138,1406 'token':142 'token.actions.githubusercontent.com':1731 'toml':1549 'tool':64,67,757,1518,1529,1676 'tool-refer':66 'toolkit':39 'top':917,1353,1805 'topic-agent-skills' 'topic-agentic-workflow' 'topic-ai-integration' 'topic-openclaw' 'trace':1017 'trail':1120 'transit':312,1088 'transmiss':1135 'transport':1335 'travers':105,175 'triag':515,1814 'true':168 'trufflehog':1565 'two':1770 'two-parti':1769 'type':1054,1315 'ubuntu':449 'ubuntu-latest':448 'uniqu':1115 'unsaf':159,163 'unsign':1477 'updat':588 'url':960,963,1494 'usag':1426 'use':452,460,532,942,970,1022,1241,1249,1577,1631 'user':172,179,730,1013,1116,1214,1217,1225,1229 'userinput':1247,1261 'v':777,826,876 'v1.4.0':1616 'v2':1633 'v4':454 'v4.0':1080 'v5':462 'valid':935,936,1096,1482 'variabl':1024,1180 'vault':1193 'verbos':776,825,875 'verif':14,47 'verifi':250,303,380,597,622,1048,1283,1392,1458,1716,1719 'version':237,239,466,593,1032 'via':1137,1709 'vulner':11,28,44,94,156,182,210,342,362,479,701,849,853,857,1239,1448,1787 'vulnerability-assess':478 'vulnerability_assessor.py':533,626,809,1451 'vulns.json':217,412 'within':1154 'workflow':62,63,325,326,418,512,635,1528,1818 'write':791,840,889 'x':1313,1320,1326 'x-content-type-opt':1312 'x-frame-opt':1319 'x-xss-protect':1325 'xss':100,155,1231,1327 'yaml':429 'yes':1547,1548,1560,1572 'zero':1452","prices":[{"id":"f5bc5188-5e60-4dc2-a7f6-d6bd19c3d67a","listingId":"d5685d69-2ce8-44f9-990d-6bc770d512a8","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"CloudChef","category":"atlasclaw-providers","install_from":"skills.sh"},"createdAt":"2026-05-09T01:05:33.804Z"}],"sources":[{"listingId":"d5685d69-2ce8-44f9-990d-6bc770d512a8","source":"github","sourceId":"CloudChef/atlasclaw-providers/senior-secops","sourceUrl":"https://github.com/CloudChef/atlasclaw-providers/tree/main/skills/senior-secops","isPrimary":false,"firstSeenAt":"2026-05-09T01:05:33.804Z","lastSeenAt":"2026-05-18T19:08:23.774Z"}],"details":{"listingId":"d5685d69-2ce8-44f9-990d-6bc770d512a8","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"CloudChef","slug":"senior-secops","github":{"repo":"CloudChef/atlasclaw-providers","stars":10,"topics":["agent-skills","agentic-workflow","ai-integration","openclaw"],"license":"apache-2.0","html_url":"https://github.com/CloudChef/atlasclaw-providers","pushed_at":"2026-05-18T03:15:37Z","description":"atlasclaw-providers are the integration with enterprise systems through skills and webhook.","skill_md_sha":"75819387021ce7047a335b22cce82027eb559805","skill_md_path":"skills/senior-secops/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/CloudChef/atlasclaw-providers/tree/main/skills/senior-secops"},"layout":"multi","source":"github","category":"atlasclaw-providers","frontmatter":{"name":"senior-secops","description":"Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines."},"skills_sh_url":"https://skills.sh/CloudChef/atlasclaw-providers/senior-secops"},"updatedAt":"2026-05-18T19:08:23.774Z"}}