Security Bluebook Builder
Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incid
Free to install — no account needed
Copy the command below and paste into your agent.
Instant access • No coding needed • No account needed
What you get in 5 minutes
- Full skill code ready to install
- Works with 4 AI agents
- Lifetime updates included
Description
--- name: security-bluebook-builder description: Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security gates for apps handling PII/PHI/financial data. --- # Security Bluebook Builder ## Overview Build a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates. ## Workflow ### 1) Gather inputs (ask only if missing) Collect just enough context to fill the template. If the user has not provided details, ask up to 6 short questions: - What data classes are handled (PII, PHI, financial, tokens, content)? - What are the trust boundaries (client/server/third parties)? - How do users authenticate (OAuth, email/password, SSO, device sessions)? - What storage is used (DB, object storage, logs, analytics)? - What connectors or third parties are used? - Retention and deletion expectations (default + user-initiated)? If the user cannot answer, proceed with safe defaults and mark TODOs. ### 2) Draft the Blue Book Load `references/bluebook_template.md` and fill it with the provided details. Keep it concise, deterministic, and enforceable. ### 3) Enforce guardrails - Do not include secrets, tokens, or internal credentials. - If something is unknown, write "TODO" plus a clear assumption. - Fail closed: if a capability is required but unavailable, call it out explicitly. - Keep scope minimal; do not add features or tools beyond what the user asked for. ### 4) Quality checks Confirm the Blue Book includes: - Threat model (assumptions + out-of-scope) - Data classification + handling rules - Trust boundaries + controls - Auth/session policy - Token handling policy - Logging/audit policy - Retention/deletion - Incident response mini-runbook - Security gates + go/no-go checklist ## Resources - `references/bluebook_template.md`
Security Status
Scanned
Passed automated security checks
Related AI Tools
More Make Money tools you might like
Marketing Skills Division
Free"42 marketing agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw, and 6 more coding agents. 7 pods: content, SEO, CRO, channels, growth, intelligence, sales. Foundation context + orchestration router. 27 Python tools (stdli
Insert instructions below
FreeReplace with description of the skill and when Claude should use it.
Engineering Team Skills
Free"23 engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw, and 6 more tools. Architecture, frontend, backend, QA, DevOps, security, AI/ML, data engineering, Playwright, Stripe, AWS, MS365. 30+ Python tools (stdlib-
Business & Growth Skills
Free"4 business growth agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. Customer success (health scoring, churn), sales engineer (RFP), revenue operations (pipeline, GTM), contract & proposal writer. Python tools (stdlib-onl
C-Level Advisory Ecosystem
Free"10 C-level advisory agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. CEO, CTO, COO, CPO, CMO, CFO, CRO, CISO, CHRO, Executive Mentor. Multi-role board meetings, strategy routing, structured recommendations. For founders
NotebookLM Automation
FreeComplete API for Google NotebookLM - full programmatic access including features not in the web UI. Create notebooks, add sources, generate all artifact types, download in multiple formats. Activates on explicit /notebooklm or intent like "create a p