Skip to content

Diffuzmetall/security-hardening-skill

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github
.github
 
 
references
references
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
README.md
README.md
 
 
SKILL.md
SKILL.md
 
 

Repository files navigation

security-hardening

Security hardening skill for AI agents that audit and improve VPS, WordPress, and Next.js security without jumping straight into risky changes.

The skill is built around one rule: do not lock yourself out of the server. It works in audit-first mode, gives findings in priority order, and produces a final 0-10 security score with an explanation in Russian by default.

What This Repository Contains

  • SKILL.md: the main skill instructions
  • references/vps.md: deep VPS and Linux hardening reference
  • references/wordpress.md: WordPress-specific hardening guidance
  • references/nextjs.md: Next.js and Node.js security guidance
  • references/general-web.md: general web security guidance

Core Behavior

  • Default language is Russian unless the user clearly prefers another language
  • Default mode is analysis first, changes second
  • Every risky change must follow pre-check -> change -> verify -> rollback
  • VPS hardening includes anti-lockout workflow and break-glass recovery guidance
  • Final audit includes a 0-10 score plus a short explanation of why that score was given

What The Skill Evaluates

For a VPS, the skill looks at areas such as:

  • SSH posture
  • Firewall and exposed services
  • Recovery path and console access
  • Fail2ban / CrowdSec / monitoring
  • Patch management and reboot policy
  • Docker exposure
  • Sysctl / CIS-style hardening
  • Backups, snapshots, and rollback readiness

Output Format

The expected audit result is:

  1. Итоговая оценка: X/10
  2. Краткий вывод
  3. Критичные проблемы
  4. Что уже хорошо
  5. Следующие шаги по приоритету

Repository Use

This repository is published primarily as a reference distribution of the skill.

  • You can read it, fork it, and adapt it for your own workflows
  • You should review all commands before applying them to a real server
  • You should not assume every hardening recommendation is safe for every workload

Installation

Copy the skill into your agent skills directory, for example:

mkdir -p ~/.agents/skills/security-hardening
cp SKILL.md ~/.agents/skills/security-hardening/
cp -r references ~/.agents/skills/security-hardening/

Then re-index your local skills if your environment requires it.

Safety Notes

  • This skill is not a substitute for testing
  • Never apply SSH, firewall, or sysctl changes in bulk
  • Always keep a second session and a provider recovery path available
  • Always verify effective state, not just config files

About Contributions

This repository is published as a read-mostly reference. Outside contributions are generally not accepted directly. Please do not open drive-by pull requests. If you believe there is a serious mistake, open a tightly scoped issue with concrete evidence and reproduction details.

About

Audit-first security hardening skill for VPS, WordPress, and Next.js

Topics

wordpress security nextjs vps hardening

Resources

Readme

Contributing

Contributing
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors