Security.
Security hardening. Threat modeling. Encryption recipes. Dependency audits. OWASP compliance. The pre-ship gate.
CWE Top 25, STRIDE, Electron Hardening.
Security is checklist work AND threat modeling work. This skill covers both: STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) for systematic threat enumeration, CWE Top 25 for known vulnerability classes, Electron-specific hardening (contextIsolation, nodeIntegration, CSP), encryption envelope patterns, and dependency audit automation.
Four recipes.
STRIDE threat modeling
For each component: enumerate Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation. Score each (likelihood times impact). Mitigate the top quartile.
CWE Top 25 catalog
The 25 most common vulnerability classes (CWE-79 XSS, CWE-89 SQLi, CWE-352 CSRF, etc.). Each has a recognition pattern + the standard mitigation.
Electron hardening
contextIsolation: true ALWAYS. nodeIntegration: false ALWAYS. CSP locked down. Preload bridge typed + validated. safeStorage for credentials.
Encryption envelope
PBKDF2 to Store Key, encrypt DEK, encrypt data with DEK. Rotate DEK on password change. AES-256-GCM (authenticated). The Orion pattern.
It composes.
Skills compose into workflows. Security is rarely the only skill you will use — it pairs naturally with these others in the library.
One command.
Installs only stryx-security (skip the other 19) into ~/.claude/skills/stryx-security/.
Free for all use.
Stryx Labs License v1.0. Use Security in personal, commercial, internal, and production work. No attribution required.