
security-suite

Composable security suite for binary and prompt-surface assurance, static analysis, dynamic tracing, repo-native redteam scans, contract capture, baseline drift, and policy gating. Triggers: "binary security", "reverse engineer binary", "black-box binary test", "behavioral trace", "baseline diff", "prompt redteam", "security suite".
boshu2/agentops · ★ 369 · AI & Automation · score 80
Install: claude install-skill boshu2/agentops
# Security Suite

> **Purpose:** Provide composable, repeatable security/internal-testing primitives for authorized binaries and repo-managed prompt surfaces.

This skill separates concerns into primitives so security workflows stay testable and reusable.

## Guardrails

- Use only on binaries you own or are explicitly authorized to assess.
- Do not use this workflow to bypass legal restrictions or extract third-party proprietary content without authorization.
- Prefer behavioral assurance and policy gating over ad-hoc one-off reverse-engineering.

## Primitive Model

1. `collect-static` — file metadata, runtime heuristics, linked libraries, embedded archive signatures.
2. `collect-dynamic` — sandboxed execution trace (processes, file changes, network endpoints).
3. `collect-contract` — machine-readable behavior contract from help-surface probing.
4. `compare-baseline` — current vs baseline contract drift (added/removed commands, runtime change).
5. `enforce-policy` — allowlist/denylist gates and severity-based verdict.
6. `collect-redteam` — offline repo-surface attack-pack scan for prompt-injection, tool-misuse, secret-exfiltration, and unsafe-shell regressions.
7. `run` — thin binary orchestrator that composes primitives and writes suite summary.

## Quick Start

Single run (default dynamic command is `--help`):

```bash
python3 skills/security-suite/scripts/security_suite.py run \
  --binary "$(command -v ao)" \
  --out-dir .tmp/security-suite/ao-current
```

Baseline reg