Agent Skills

Security skills that turn your AI coding agent into a security engineer. Install once, and your agent automatically scans code, audits dependencies, detects secrets, and applies security best practices as you work.


What Are Agent Skills

Agent Skills are instruction files that teach your AI coding agent how to detect and prevent security vulnerabilities automatically. They install directly into your project and work with Claude Code, Cursor, Windsurf, GitHub Copilot, Cline, Aider, and Codex.

Once installed, your AI assistant will:

  • Scan every code change for OWASP Top 10 vulnerabilities
  • Detect hardcoded secrets and API keys before they reach git
  • Audit dependencies for known CVEs before installation
  • Review architecture for threat modeling issues
  • Audit your AI environment for prompt injection risks

No manual intervention — security happens automatically as you code.

Open Source

The AI Security Toolkit is fully open source under the MIT license. View the source, contribute, or report issues on GitHub.


Quick Start

Install all 9 security skills into your project with a single command.

Option 1: npx

Bash
cd your-project
npx @bytehide/ai-security-toolkit

This copies all security skills, configuration files, and pre-commit hooks to your project. Works with every supported AI tool automatically.

Option 2: Shell script

Bash
curl -fsSL https://raw.githubusercontent.com/bytehide/ai-security-toolkit/main/scripts/install.sh | bash

Option 3: Manual

Bash
git clone https://github.com/bytehide/ai-security-toolkit.git
cp -r ai-security-toolkit/.claude your-project/       # Claude Code skills
cp ai-security-toolkit/CLAUDE.md your-project/         # Auto-orchestrator
cp ai-security-toolkit/.cursorrules your-project/      # Cursor
cp ai-security-toolkit/.windsurfrules your-project/    # Windsurf
cp ai-security-toolkit/AGENTS.md your-project/         # Any other AI tool

Enhanced Scanning with ByteHide MCP

Three of the nine skills (secure-code, secure-deps, secure-env) can use ByteHide MCP for real-time scanning with a SAST engine, live CVE databases, and AI environment auditing. Connecting MCP is optional and adds deeper analysis; see Relationship with MCP below. ByteHide is free to use.


Available Skills

The toolkit includes 9 production-ready security skills covering the full OWASP Top 10 and beyond:

Skill               | What It Does                                              | OWASP Coverage           | ByteHide MCP
secure-code         | Scans code changes for vulnerabilities and secrets        | A01, A02, A03, A05, A08  | scan_code
secure-deps         | Audits dependencies for CVEs before install               | A06                      | scan_dependencies, check_dependency
secure-env          | Audits AI configs for prompt injection and credential leaks | Unique                 | audit_ai_environment
secure-architecture | STRIDE threat modeling for new components                 | A01, A04, A07, A08       |
secure-web          | XSS, CSRF, CSP, CORS, security headers                    | A03, A05                 |
secure-api          | REST/GraphQL auth, rate limiting, input validation        | A01, A02, A04, A07       |
secure-crypto       | Cryptography validation, key management, TLS              | A02                      |
secure-data         | PII handling, GDPR/CCPA, encryption, audit logging        | A02, A04                 |
secure-deploy       | Containers, IAM, secrets management, CI/CD                | A05, A06                 |

OWASP Key: A01=Broken Access Control, A02=Cryptographic Failures, A03=Injection, A04=Insecure Design, A05=Security Misconfiguration, A06=Vulnerable Components, A07=Auth Failures, A08=Data Integrity Failures.


Skill Details

secure-code

Scans every code change for security vulnerabilities and hardcoded secrets in real time. Detects injection flaws (SQL, XSS, command injection), broken authentication patterns, sensitive data exposure, insecure deserialization, SSRF, and path traversal.

When it activates: Automatically after writing or modifying code files.

Example prompt: "Scan src/auth/login.ts for security issues"

MCP enhancement: When ByteHide MCP is connected, uses the scan_code tool for a full SAST analysis with CWE references, severity scoring, and fix recommendations. Findings sync to the Radar dashboard.


secure-deps

Audits project dependencies for known CVEs before installation and periodically during development. Checks individual packages and entire manifest files against live vulnerability databases.

When it activates: Before installing new packages or when reviewing dependency files.

Example prompt: "Is express@4.17.1 safe to install?" or "Audit my package.json for vulnerable dependencies"

MCP enhancement: When ByteHide MCP is connected, uses check_dependency and scan_dependencies for real-time CVE lookups with severity, affected versions, and upgrade recommendations.


secure-env

Audits your AI development environment for prompt injection attacks, risky MCP server configurations, credential exposure, and overpermissioning. This is unique to the AI Security Toolkit — no other security tool does this.

When it activates: When working with AI configuration files or cloning third-party repositories.

Example prompt: "Audit my AI environment for security risks"

What it scans: .claude.md, .cursorrules, .mcp.json, .env, .vscode/settings.json, AGENTS.md, and other AI config files.

MCP enhancement: When ByteHide MCP is connected, uses audit_ai_environment for structured analysis with a security score (0–100), attack chain detection, and per-file findings. All analysis runs 100% locally — no config files are sent to ByteHide servers.
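To make the kind of check this skill performs concrete, here is an added example (not the toolkit's own rules or the audit_ai_environment tool) that applies two illustrative heuristics to constructed sample files: hidden Unicode or HTML-comment text in an instruction file such as AGENTS.md, and literal credentials or plaintext-HTTP servers in a .mcp.json. The file contents, server names and token value are constructed for the example.

```python
import json
import re

# Zero-width, BOM and bidi-control characters: invisible to a human reviewer,
# but still read by the model (illustrative heuristic, not the toolkit's rules).
HIDDEN_CHARS = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u202a-\u202e\u2066-\u2069]")
# env keys in an MCP server spec whose values should be references, not literals
SECRET_KEY = re.compile(r"(key|token|secret|password)", re.I)
ENV_REF = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")  # ${VAR} or $VAR is a reference


def audit_instruction_file(name, text):
    """Flag lines of an AI instruction file that a reviewer cannot see as written."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if HIDDEN_CHARS.search(line):
            findings.append((name, lineno, "hidden Unicode characters in instruction text"))
        if "<!--" in line:
            findings.append((name, lineno, "HTML comment in instruction file (invisible when rendered)"))
    return findings


def audit_mcp_json(name, text):
    """Flag MCP server entries that embed credentials or talk to remote servers over plain HTTP."""
    findings = []
    cfg = json.loads(text)
    for server, spec in cfg.get("mcpServers", {}).items():
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY.search(key) and isinstance(value, str) and not ENV_REF.match(value):
                findings.append((name, server, f"literal credential in env[{key}]"))
        if spec.get("url", "").startswith("http://"):
            findings.append((name, server, "remote MCP server over plaintext HTTP"))
    return findings


# Constructed sample inputs (not real project files)
SAMPLE_AGENTS_MD = "# Project rules\nUse TypeScript.\n\u200b(hidden text)\n<!-- hidden -->\n"
SAMPLE_MCP_JSON = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "server"], "env": {"GITHUB_TOKEN": "ghp_EXAMPLE_NOT_REAL"}},
    "docs": {"url": "http://docs.internal.example/mcp"},
    "ok": {"command": "x", "env": {"API_KEY": "${API_KEY}"}},
}})


def run_sample():
    """Audit both constructed samples; returns 4 findings (2 per file)."""
    return audit_instruction_file("AGENTS.md", SAMPLE_AGENTS_MD) + audit_mcp_json(".mcp.json", SAMPLE_MCP_JSON)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```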


secure-architecture

Performs STRIDE threat modeling on new endpoints, services, and data flows. Identifies spoofing, tampering, repudiation, information disclosure, denial of service, and privilege escalation risks.

When it activates: When creating new APIs, authentication flows, or components that handle sensitive data.

Example prompt: "Do a threat model on the new payment endpoint"


secure-web

Hardens web applications against XSS, CSRF, and clickjacking. Configures Content Security Policy (CSP), CORS, HSTS, cookie security flags, and all critical HTTP security headers.

When it activates: When building frontends, configuring web servers, or implementing browser-based authentication.

Example prompt: "Review the security headers for this Express app"


secure-api

Hardens REST and GraphQL APIs with proper authentication, authorization, rate limiting, input validation, and response filtering. Detects BOLA/IDOR, mass assignment, and over-fetching vulnerabilities.

When it activates: When building API endpoints, authentication flows, or middleware.

Example prompt: "Review this API endpoint for security issues"


secure-crypto

Validates cryptographic implementations, checking for weak algorithms, improper key management, and NIST compliance. Covers encryption, hashing, digital signatures, TLS configuration, and random number generation.

When it activates: When implementing encryption, hashing, signatures, or TLS configuration.

Example prompt: "Is this encryption implementation secure?"


secure-data

Ensures proper handling of personally identifiable information (PII), GDPR/CCPA compliance, data classification, encryption at rest, and audit logging.

When it activates: When storing user data, building user profiles, or processing personal information.

Example prompt: "Check if this user data handling is GDPR compliant"


secure-deploy

Hardens deployment configurations including Docker containers, Kubernetes manifests, cloud IAM policies, secrets management, and CI/CD pipelines.

When it activates: When writing Dockerfiles, configuring cloud services, managing secrets, or setting up build pipelines.

Example prompt: "Review this Dockerfile for security best practices"


Supported AI Tools

The toolkit provides native configuration files for every major AI coding assistant:

Tool           | Config File                  | Auto-loaded
Claude Code    | .claude/skills/ + CLAUDE.md  | Yes
Cursor         | .cursorrules                 | Yes
Windsurf       | .windsurfrules               | Yes
GitHub Copilot | .github/copilot-instructions.md | Yes
Cline          | .clinerules                  | Yes
Aider          | CONVENTIONS.md               | Via --read flag
Codex / Other  | AGENTS.md                    | Varies

For Claude Code, skills are installed as structured Markdown files under .claude/skills/ with a root CLAUDE.md orchestrator that auto-loads security behavior. For other tools, the same security rules are compiled into each tool's native configuration format.


Relationship with MCP

The Agent Skills and ByteHide MCP are complementary — skills define what to do, and MCP provides the engine to do it.

Without MCP

All 9 skills work standalone. Your AI agent follows secure coding patterns, warns about vulnerabilities, and applies security best practices based on the rules defined in each skill. This is rule-based guidance — effective for architecture reviews, web hardening, crypto validation, and more.

With MCP (free)

Three skills gain access to real scanning engines:

Skill       | MCP Tool                             | What It Adds
secure-code | scan_code                            | Full SAST analysis with CWE mapping and severity scoring
secure-deps | scan_dependencies, check_dependency  | Live CVE database lookups with upgrade recommendations
secure-env  | audit_ai_environment                 | Structured security scoring and attack chain detection

When MCP is connected, findings from these skills are automatically synced to your Radar dashboard where you can track them, filter by severity, and generate AI-powered autofixes.

To connect MCP, see the Setup & Connection guide.


Pre-commit Hooks

The toolkit includes pre-commit hooks for automatic secret detection on every commit:

Bash
# Install pre-commit (if you don't have it)
pip install pre-commit

# Activate hooks in your project
pre-commit install

Included hooks: Gitleaks (secret scanner), detect-secrets, private key detection, Dockerfile linting with Hadolint, and .env file protection.
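As an added illustration of what the .env-protection and secret/private-key hooks check on each commit (this is a standalone example, not the toolkit's hook configuration or Gitleaks/detect-secrets themselves), the script below inspects the staged file list from git and fails the commit on a dotenv file, a private key block, or a credential with a recognisable prefix. The token patterns and sample values in the test are constructed.

```python
import re
import subprocess
import sys

PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
# Credential formats whose fixed prefix makes a regex reliable (illustrative set)
TOKEN_PATTERNS = {
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Slack token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
}
ENV_FILE = re.compile(r"(^|/)\.env(\..+)?$")


def check_path(path):
    """A .env or .env.<stage> file must never be staged; .env.example templates are allowed."""
    if ENV_FILE.search(path) and not path.endswith(".example"):
        return [(path, 0, "dotenv file staged for commit")]
    return []


def check_content(path, text):
    """Return (path, line, finding) for every private key block or prefixed token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if PRIVATE_KEY.search(line):
            findings.append((path, lineno, "private key material"))
        for label, pattern in TOKEN_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, label))
    return findings


def staged_files():
    # Only added/copied/modified files are inspected; deletions carry no new content
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                         capture_output=True, text=True, check=True).stdout
    return out.split()


def main():
    findings = []
    for path in staged_files():
        findings += check_path(path)
        try:
            with open(path, encoding="utf-8", errors="ignore") as fh:
                findings += check_content(path, fh.read())
        except OSError:
            continue  # e.g. a staged symlink or a path that no longer exists
    for path, lineno, what in findings:
        print(f"{path}:{lineno}: {what}")
    return 1 if findings else 0  # non-zero exit blocks the commit


if __name__ == "__main__":
    sys.exit(main())
```

Run it from a pre-commit hook (or any pre-commit framework entry of type `system`) so a non-zero exit rejects the commit before the secret reaches history.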


Next Steps

MCP Overview

Learn how ByteHide MCP adds real-time scanning to your AI coding agent.

MCP Setup

Connect ByteHide MCP to Claude, Cursor, VS Code, and other clients.

GitHub Repository

View source, contribute, or report issues on GitHub.

Radar MCP Tools

Detailed reference for scan_code, check_dependency, and scan_dependencies.
