Quick Security Operator
Boost productivity with this command for hardening application security configuration. Includes structured workflows, validation checks, and reusable patterns for security.
Execute targeted security operations including vulnerability patching, security configuration hardening, incident response procedures, and compliance verification in a single command.
When to Use This Command
Run this command when...
- You need to quickly patch a known vulnerability or apply a security fix across your project
- You want to harden security configurations for your web server, database, or application framework
- You are responding to a security incident and need structured incident response procedures
- You need to verify compliance with security standards like SOC 2, HIPAA, or PCI-DSS
- You want to apply security best practices to deployment configurations, environment variables, and access controls
Quick Start
```yaml
# .claude/commands/quick-security-operator.yaml
name: Quick Security Operator
description: Execute targeted security operations and hardening
inputs:
  - name: operation
    description: "patch, harden, respond, or verify"
  - name: target
    description: "What to operate on"
    default: ""
```

```bash
# Harden application security configuration
claude "quick-security-operator harden --target express"

# Patch known vulnerabilities
claude "quick-security-operator patch --target critical"

# Run incident response procedure
claude "quick-security-operator respond --target unauthorized-access"
```
Output:
[detect] Framework: Express.js 4.18
[harden] Applying security hardening...
Added helmet middleware (security headers)
Configured CORS with explicit origins
Enabled rate limiting (100 req/15min)
Set secure cookie attributes
Disabled X-Powered-By header
[verify] 5/5 hardening rules applied
Done. Express security hardened. Review changes before committing.
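One way to review the result is to check a response from the hardened app against the five rules listed in the output. This is an added example, not part of the template or its implementation; the function name `auditHardening` and the pass criteria are assumptions, and the sample headers are constructed.

```javascript
// Audit one HTTP response's headers against the five hardening rules above.
// Pass criteria are assumptions chosen for illustration.
function auditHardening(headers) {
  // Normalise header names; Set-Cookie may be a single string or an array.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const cookies = [].concat(h['set-cookie'] || []);
  const origin = h['access-control-allow-origin'];

  const rules = {
    // helmet's defaults include both of these headers
    securityHeaders:
      String(h['x-content-type-options']).toLowerCase() === 'nosniff' &&
      'strict-transport-security' in h,
    // No CORS header is acceptable; "*" and "null" are not explicit origins
    corsExplicitOrigin: origin === undefined || (origin !== '*' && origin !== 'null'),
    // Rate limiters commonly advertise the quota in one of these headers
    rateLimited: 'ratelimit-limit' in h || 'x-ratelimit-limit' in h,
    // Every cookie set must carry Secure, HttpOnly and SameSite
    // (a response that sets no cookies passes vacuously)
    secureCookies: cookies.every((c) => {
      const attrs = c.split(';').slice(1).map((a) => a.trim().toLowerCase());
      return attrs.includes('secure') && attrs.includes('httponly') &&
        attrs.some((a) => a.startsWith('samesite='));
    }),
    noPoweredBy: !('x-powered-by' in h),
  };
  const names = Object.keys(rules);
  const failed = names.filter((r) => !rules[r]);
  return { passed: names.length - failed.length, total: names.length, failed };
}

// Constructed sample responses (not captured from a real server).
const hardened = {
  'X-Content-Type-Options': 'nosniff',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'Access-Control-Allow-Origin': 'https://app.example.com',
  'RateLimit-Limit': '100',
  'Set-Cookie': ['sid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict'],
};
const unhardened = {
  'X-Powered-By': 'Express',
  'Access-Control-Allow-Origin': '*',
  'Set-Cookie': 'sid=abc123; Path=/',
};
console.log(auditHardening(hardened));
console.log(auditHardening(unhardened));
```

Feed it the headers from a real request to a staging deployment; a missing rule in `failed` points at the middleware that did not take effect.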
Core Concepts
| Concept | Description |
|---|---|
| Security Operations | Four modes: patch (fix vulnerabilities), harden (improve config), respond (incident handling), verify (compliance) |
| Framework Detection | Auto-detects the application framework to apply appropriate security configurations |
| Hardening Rules | Pre-defined security rules for common frameworks: Express, Django, Spring Boot, Rails |
| Incident Response | Structured procedures for containment, investigation, remediation, and post-incident review |
| Compliance Verification | Checks configurations against SOC 2, HIPAA, PCI-DSS, and GDPR requirements |
Security Operations:
```
┌─────────┐  ┌─────────┐  ┌─────────┐  ┌─────────┐
│  Patch  │  │ Harden  │  │ Respond │  │ Verify  │
│         │  │         │  │         │  │         │
│ Fix CVE │  │ Config  │  │Incident │  │Compliant│
│ Update  │  │ Headers │  │ Contain │  │ SOC 2   │
│ Deps    │  │ CORS    │  │ Review  │  │ HIPAA   │
└────┬────┘  └────┬────┘  └────┬────┘  └────┬────┘
     │            │            │            │
     └────────────┴─────┬──────┴────────────┘
                        │
                 ┌──────▼──────┐
                 │   Report    │
                 └─────────────┘
```
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| operation | string | required | Mode: patch, harden, respond, or verify |
| target | string | auto-detected | Framework, severity level, incident type, or compliance standard |
| dry_run | boolean | false | Show what would be changed without applying modifications |
| scope | string | "application" | Scope: application, infrastructure, database, or all |
| report | string | "" | Output path for the operations report |
Best Practices
- Use dry run before applying changes -- Security hardening modifies configuration files. Preview changes with `--dry-run` to verify they match your application's requirements.
- Harden at project setup -- Apply hardening rules when creating a new project rather than retrofitting later. Early hardening prevents security debt accumulation.
- Document incident responses -- When using the respond operation, save the generated report. Post-incident documentation is required for most compliance frameworks.
- Verify after every infrastructure change -- Run compliance verification after modifying deployment configs, adding services, or changing cloud permissions.
- Patch critical vulnerabilities within 24 hours -- Use the patch operation to apply fixes for critical CVEs immediately. High-severity patches should follow within one week.
Common Issues
- Framework not recognized -- The auto-detection relies on package manifests and file patterns. Specify the framework explicitly with `--target <framework>` if detection fails.
- Hardening breaks existing functionality -- Strict security headers or CORS policies may break legitimate features. Test thoroughly after hardening and adjust rules as needed.
- Incident response requires context -- The respond operation generates procedures based on incident type. Provide as much detail as possible about the incident for accurate guidance.