PrismorSec/security-playbook
security-playbook

A security skill pack for AI coding agents. Drop it into any project to give your agent secure coding instincts — behavioral guardrails, OWASP-aligned rules for code and LLM apps, infrastructure hardening, and static analysis guidance.

Built by Prismor. For live threat intelligence and runtime enforcement, see prismor.


Quick start

Add this to your project's CLAUDE.md:

```
At the start of every session, read `https://raw.githubusercontent.com/PrismorSec/security-playbook/main/security.md` and follow its instructions.
```

That's it. Your agent will load behavioral guardrails, OWASP secure coding rules, and LLM security guidance automatically.

For Cursor/Windsurf, add the same line to .cursorrules or .windsurfrules.


What's inside

| Skill | What it does |
| --- | --- |
| `behavioral-security/` | Guardrails the agent enforces on itself — blocks destructive commands, protects secrets, resists prompt injection |
| `code-security/` | OWASP Top 10 secure coding rules across Python, JS, Go, Java, C/C++, plus Docker, K8s, Terraform |
| `llm-security/` | OWASP Top 10 for LLM Applications 2025 — prompt injection, excessive agency, data poisoning, RAG security |
| `static-analysis/` | How to run scans, write custom Semgrep rules, and enforce patterns in CI |
| `semgrep/` | Ready-to-use Semgrep rule configurations |

The single entry point is security.md — point your agent there and it will load what it needs.


Integration

Claude / Claude Code

Add to your project's CLAUDE.md:

```
At the start of every session, read the raw `security.md` from the security-playbook repo and follow its instructions:
https://raw.githubusercontent.com/PrismorSec/security-playbook/main/security.md
```

Or if you've cloned the repo locally:

```
At the start of every session, read `<path-to-security-playbook>/security.md` and follow its instructions.
```

Cursor / Windsurf

Add to .cursorrules or .windsurfrules:

```
Before writing or reviewing code, read the security playbook:
https://raw.githubusercontent.com/PrismorSec/security-playbook/main/security.md
```

AGENTS.md (for multi-agent systems)

```markdown
## Security

All agents must read and follow the Security Playbook before writing or reviewing code:
https://raw.githubusercontent.com/PrismorSec/security-playbook/main/security.md

Key skills:
- [Behavioral Guardrails](https://raw.githubusercontent.com/PrismorSec/security-playbook/main/behavioral-security/SKILL.md)
- [Code Security](https://raw.githubusercontent.com/PrismorSec/security-playbook/main/code-security/SKILL.md)
- [LLM Security](https://raw.githubusercontent.com/PrismorSec/security-playbook/main/llm-security/SKILL.md)
- [Static Analysis](https://raw.githubusercontent.com/PrismorSec/security-playbook/main/static-analysis/SKILL.md)
```

OpenClaw / MCP skill servers

Each skill directory includes a skill.json compatible with the OpenClaw skill format. Point your skill server at this repo root.


Skill details

Behavioral Security

Guardrails the agent enforces on itself during any session:

  • Deny-list: Blocks rm -rf /, fork bombs, blind curl | bash, privilege escalation
  • Secret protection: Never reads or transmits ~/.ssh/*, ~/.aws/credentials, .env files, etc.
  • Human-in-the-loop: Requires confirmation before global installs, DB drops, cloud deployments, or mass file overwrites
  • Anti-prompt injection: Treats "Ignore previous instructions" and similar patterns as attacks, not instructions
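The guardrail classes above, as an added example that is not the playbook's own code: a small pre-execution filter that sorts a proposed shell command into deny / confirm / allow and flags instruction-override phrases in untrusted text. All regex patterns and sample commands are constructed for illustration.

```python
import re
from typing import NamedTuple

# Added example, not the playbook's own code: a pre-execution filter with the
# three decision classes the Behavioral Security skill describes (deny, ask a
# human, allow). Patterns are illustrative and deliberately narrow; a real hook
# would also normalise aliases, quoting and $HOME expansion before matching.
DENY_PATTERNS = [
    (r"\brm\s+(?:-\S+\s+)*/\*?(?:\s|$)", "recursive delete of the filesystem root"),
    (r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da|k)?sh\b", "download piped into a shell"),
    (r"(?:^|[;&|]\s*)(?:sudo|su|doas)\b", "privilege escalation"),
    (r"(?:~|\$HOME|/home/[^/\s]+|/root)/\.(?:ssh|aws)\b", "access to ~/.ssh or ~/.aws"),
    (r"(?:^|[\s/'\"])\.env\b", "access to a .env file"),
]
CONFIRM_PATTERNS = [
    (r"\b(?:npm|pnpm|yarn)\s+(?:install|add|i)\b.*(?:\s-g\b|--global\b)", "global package install"),
    (r"\b(?:apt(?:-get)?|brew|dnf|yum)\s+install\b", "system-wide package install"),
    (r"\bdrop\s+(?:database|table|schema)\b", "database drop"),
    (r"\b(?:terraform\s+(?:apply|destroy)|kubectl\s+(?:apply|delete))\b", "cloud deployment"),
    (r"\b(?:git\s+push\b.*\s(?:-f|--force)\b|find\b.*\s-delete\b)", "force push or mass delete"),
]
INJECTION_PATTERNS = [
    r"ignore\s+(?:all\s+)?(?:the\s+)?(?:previous|prior|above|earlier)\s+instructions",
    r"disregard\s+(?:your|the|all)\s+(?:system\s+)?(?:prompt|rules|instructions)",
]

class Verdict(NamedTuple):
    action: str  # "deny", "confirm" or "allow"
    reason: str

def _first_reason(patterns, text):
    for pattern, reason in patterns:
        if re.search(pattern, text, re.IGNORECASE):
            return reason
    return None

def classify_command(cmd: str) -> Verdict:
    """Decide whether a proposed shell command runs, needs a human, or is refused."""
    reason = _first_reason(DENY_PATTERNS, cmd)
    if reason:
        return Verdict("deny", reason)
    reason = _first_reason(CONFIRM_PATTERNS, cmd)
    if reason:
        return Verdict("confirm", reason)
    return Verdict("allow", "")

def looks_like_injection(text: str) -> bool:
    """Flag instruction-override phrases in untrusted input (files, web pages, tool output)."""
    return any(re.search(p, text, re.IGNORECASE) for p in INJECTION_PATTERNS)
```

Deny is checked before confirm so that a command matching both (a piped installer run through `sudo`) is refused rather than merely queued for approval.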

Code Security

OWASP Top 10 rules with vulnerable/secure code examples across languages:

Critical: SQL Injection, Command Injection, XSS, Path Traversal, Hardcoded Secrets, XXE, Insecure Deserialization, Code Injection, Memory Safety

High: Insecure Crypto, SSRF, Insecure Transport, JWT Issues, CSRF, Prototype Pollution, Unsafe Functions

Infrastructure: AWS/Azure/GCP Terraform, Kubernetes manifests, Dockerfiles, GitHub Actions workflows

LLM Security

OWASP Top 10 for LLM Applications 2025:

| # | Vulnerability | Severity |
| --- | --- | --- |
| LLM01 | Prompt Injection | CRITICAL |
| LLM02 | Sensitive Information Disclosure | CRITICAL |
| LLM03 | Supply Chain | CRITICAL |
| LLM04 | Data and Model Poisoning | CRITICAL |
| LLM05 | Improper Output Handling | CRITICAL |
| LLM06 | Excessive Agency | HIGH |
| LLM07 | System Prompt Leakage | HIGH |
| LLM08 | Vector and Embedding Weaknesses | HIGH |
| LLM09 | Misinformation | MEDIUM |
| LLM10 | Unbounded Consumption | HIGH |

Static Analysis

Guidance for running Semgrep (and similar) scans and writing custom detection rules:

  • Pattern matching vs. taint/dataflow mode — when to use each
  • Custom rule authoring with positive and negative test cases
  • SARIF/JSON output for CI integration
  • How static analysis complements the playbook's code-security rules
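The CI integration point above, as an added example that is not the playbook's own code: a gate that reads `semgrep --json` output and fails the build on findings at or above a severity threshold (and on scan errors, so an unparsed file is never reported as clean). The report is constructed here and the `playbook.*` check_ids are hypothetical custom-rule names.

```python
import json
from collections import Counter

# Added example, not the playbook's own code: a CI gate over `semgrep --json`
# output. The report below is constructed for this example and follows the
# result shape Semgrep emits (check_id, path, start.line, extra.severity,
# extra.message); the check_ids are hypothetical custom-rule names.
SAMPLE_REPORT = """{
  "results": [
    {"check_id": "playbook.python.sqli-string-format", "path": "app/db.py",
     "start": {"line": 42, "col": 5}, "end": {"line": 42, "col": 61},
     "extra": {"severity": "ERROR", "message": "SQL query built with str.format from request data"}},
    {"check_id": "playbook.python.weak-hash-md5", "path": "app/auth.py",
     "start": {"line": 17, "col": 9}, "end": {"line": 17, "col": 34},
     "extra": {"severity": "WARNING", "message": "MD5 used where a password hash is expected"}},
    {"check_id": "playbook.python.debug-print", "path": "app/util.py",
     "start": {"line": 3, "col": 1}, "end": {"line": 3, "col": 22},
     "extra": {"severity": "INFO", "message": "Debug print left in production code"}}
  ],
  "errors": []
}"""

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}

def load_report(raw):
    """Parse a Semgrep JSON report into (findings, scan_errors)."""
    data = json.loads(raw)
    return data.get("results", []), data.get("errors", [])

def summarize(findings):
    """Count findings per severity, e.g. Counter({'ERROR': 1, 'WARNING': 1, 'INFO': 1})."""
    return Counter(f["extra"]["severity"] for f in findings)

def ci_should_fail(findings, scan_errors, fail_on="ERROR"):
    """Fail the build on any finding at or above `fail_on`, or on any scan error."""
    threshold = SEVERITY_RANK[fail_on]
    # A file Semgrep could not parse was not scanned; do not let it pass as clean.
    if scan_errors:
        return True
    return any(SEVERITY_RANK.get(f["extra"]["severity"], 0) >= threshold for f in findings)

def format_finding(f):
    """One line per finding in the path:line style that CI log viewers link on."""
    return (f"{f['extra']['severity']:7} {f['path']}:{f['start']['line']} "
            f"{f['check_id']}: {f['extra']['message']}")

if __name__ == "__main__":
    findings, errors = load_report(SAMPLE_REPORT)
    for f in findings:
        print(format_finding(f))
    raise SystemExit(1 if ci_should_fail(findings, errors) else 0)
```

In a pipeline, pipe the real report in (`semgrep --config semgrep/ --json` on this repo's rules) instead of the embedded sample.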

Runtime enforcement

The playbook provides agent-readable guidance. For runtime hook enforcement, session telemetry, and advisory correlation, see Prismor Warden:

```bash
python3 warden/cli.py install-hooks --agent all --mode enforce
python3 warden/cli.py sessions
```

Contributing

  • New rules go in the appropriate skill directory with a Markdown file under rules/
  • Update the skill's SKILL.md table to reference the new rule
  • Semgrep rules go in semgrep/
  • Do not add runtime code here — this repo is agent-readable documentation and configuration only
