firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f005b39f3fa462e3f8a2fd2f73ad4e390faa14bf
antigravity-skills-reference/skills/skill-sentinel/references/security_patterns.md
ProgramadorBrasil 61ec71c5c7 feat: add 52 specialized AI agent skills (#217) 
New skills covering 10 categories:

**Security & Audit**: 007 (STRIDE/PASTA/OWASP), cred-omega (secrets management)
**AI Personas**: Karpathy, Hinton, Sutskever, LeCun (4 sub-skills), Altman, Musk, Gates, Jobs, Buffett
**Multi-agent Orchestration**: agent-orchestrator, task-intelligence, multi-advisor
**Code Analysis**: matematico-tao (Terence Tao-inspired mathematical code analysis)
**Social & Messaging**: Instagram Graph API, Telegram Bot, WhatsApp Cloud API, social-orchestrator
**Image Generation**: AI Studio (Gemini), Stability AI, ComfyUI Gateway, image-studio router
**Brazilian Domain**: 6 auction specialist modules, 2 legal advisors, auctioneers data scraper
**Product & Growth**: design, invention, monetization, analytics, growth engine
**DevOps & LLM Ops**: Docker/CI-CD/AWS, RAG/embeddings/fine-tuning
**Skill Governance**: installer, sentinel auditor, context management

Each skill includes:
- Standardized YAML frontmatter (name, description, risk, source, tags, tools)
- Structured sections (Overview, When to Use, How it Works, Best Practices)
- Python scripts and reference documentation where applicable
- Cross-platform compatibility (Claude Code, Antigravity, Cursor, Gemini CLI, Codex CLI)

Co-authored-by: ProgramadorBrasil <214873561+ProgramadorBrasil@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 10:04:07 +01:00

1.7 KiB
Raw Blame History

Padroes de Seguranca

Padroes Bons (Referencia)

Queries parametrizadas (como instagram/scripts/db.py)

# BOM: usar ? como placeholder
conn.execute("SELECT * FROM posts WHERE id = ?", [post_id])
conn.execute(
    "INSERT INTO accounts (ig_user_id, username) VALUES (?, ?)",
    [ig_user_id, username]
)

Variaveis de ambiente para secrets

# BOM: secrets em env vars
import os
API_KEY = os.environ.get("API_KEY")
APP_SECRET = os.getenv("APP_SECRET")

Token refresh com validacao

# BOM: verificar expiracao antes de usar
if token_expires_at and datetime.now() >= token_expires_at:
    token = refresh_token(refresh_token_value)

Rate limiting com threshold

# BOM: padrão GovernanceManager
if requests_used >= LIMIT * 0.9:
    warnings.append("Proximo do limite")
if requests_used >= LIMIT:
    raise RateLimitExceeded(...)

Padroes Ruins (Detectados pelo Sentinel)

Secrets hardcoded

# RUIM: secret direto no codigo
API_KEY = "sk-abc123def456"
PASSWORD = "minha_senha_123"

SQL injection via f-string

# RUIM: interpolacao em SQL
cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)

URL HTTP insegura

# RUIM: HTTP sem TLS
API_URL = "http://api.external.com/data"

Token em log

# RUIM: logando credencial
print(f"Token: {access_token}")
logging.info(f"Usando key: {api_key}")

Bare except

# RUIM: engolindo todos os erros
try:
    do_something()
except:
    pass

Excecoes Conhecidas

Alguns valores parecem secrets mas sao publicos:

  • 546c25a59c58ad7 - Imgur anonymous upload client ID (publico)
  • Chaves de teste/exemplo em documentacao
Reference in New Issue View Git Blame Copy Permalink