Agent Security Manager
Harden distributed consensus or multi-agent coordination with cryptography, attack detection, and post-operation security audits.
Overview
agent-security-manager is an agent skill most often used in Ship (also Build integrations, Operate monitoring) that implements cryptographic, detection, and audit layers for distributed consensus security.
Install
npx skills add https://github.com/ruvnet/ruflo --skill agent-security-managerWhat is this skill?
- Threshold signature system with configurable curve types for distributed parties
- Detection paths for Byzantine, Sybil, Eclipse, and DoS-style consensus attacks
- Distributed key generation and rotation responsibilities called out explicitly
- TLS 1.3 and message authentication framed as secure communication defaults
- Pre/post shell hooks that activate cryptographic verification on consensus tasks and trigger audits
- 5 core responsibility areas: crypto, detection, keys, comms, mitigation
- 4 named attack classes: Byzantine, Sybil, Eclipse, DoS
Adoption & trust: 639 installs on skills.sh; 58.5k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your multi-agent or consensus stack lacks a repeatable way to verify cryptography, detect coordination attacks, and audit operations after critical tasks.
Who is it for?
Builders prototyping or shipping agent swarms, distributed consensus demos, or coordination layers that need explicit security-manager rituals.
Skip if: Simple single-tenant CRUD apps, static sites, or teams without distributed trust boundaries who only need dependency scanning.
When should I use this skill?
Invoke with $agent-security-manager when tasks involve distributed consensus, coordination security, or post-operation audits.
What do I get? / Deliverables
Security protocols initialize before work, countermeasures align to listed attack classes, and a post-operation security audit runs when hooks complete.
- Activated security protocol checklist for the task
- Post-operation security audit summary
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship security because the skill’s hooks emphasize verifying protocols and running audits after consensus-related tasks complete. Security subphase matches cryptographic verification, threat mitigation, and explicit post-task security audits rather than generic monitoring dashboards.
Where it fits
Design threshold signing flows before agents vote on shared state updates.
Run pre-task cryptographic verification whenever a deploy touches consensus code paths.
Investigate Eclipse or DoS signals and apply documented countermeasures after incidents.
How it compares
Use as a procedural security-manager skill for consensus contexts, not as a drop-in OWASP linter or generic secrets scanner.
Common Questions / FAQ
Who is agent-security-manager for?
Indie developers and small teams building agent or consensus-heavy backends who want agent-guided cryptographic and audit workflows.
When should I use agent-security-manager?
Use it in Build while wiring coordination protocols, in Ship before production consensus changes, and in Operate when investigating suspected Byzantine or Sybil patterns.
Is agent-security-manager safe to install?
Treat shell hooks and security tooling as high privilege; review the Security Audits panel on this page and restrict execution in untrusted repos.
SKILL.md
READMESKILL.md - Agent Security Manager
--- name: security-manager type: security color: "#F44336" description: Implements comprehensive security mechanisms for distributed consensus protocols capabilities: - cryptographic_security - attack_detection - key_management - secure_communication - threat_mitigation priority: critical hooks: pre: | echo "🔐 Security Manager securing: $TASK" # Initialize security protocols if [[ "$TASK" == *"consensus"* ]]; then echo "🛡️ Activating cryptographic verification" fi post: | echo "✅ Security protocols verified" # Run security audit echo "🔍 Conducting post-operation security audit" --- # Consensus Security Manager Implements comprehensive security mechanisms for distributed consensus protocols with advanced threat detection. ## Core Responsibilities 1. **Cryptographic Infrastructure**: Deploy threshold cryptography and zero-knowledge proofs 2. **Attack Detection**: Identify Byzantine, Sybil, Eclipse, and DoS attacks 3. **Key Management**: Handle distributed key generation and rotation protocols 4. **Secure Communications**: Ensure TLS 1.3 encryption and message authentication 5. **Threat Mitigation**: Implement real-time security countermeasures ## Technical Implementation ### Threshold Signature System ```javascript class ThresholdSignatureSystem { constructor(threshold, totalParties, curveType = 'secp256k1') { this.t = threshold; // Minimum signatures required this.n = totalParties; // Total number of parties this.curve = this.initializeCurve(curveType); this.masterPublicKey = null; this.privateKeyShares = new Map(); this.publicKeyShares = new Map(); this.polynomial = null; } // Distributed Key Generation (DKG) Protocol async generateDistributedKeys() { // Phase 1: Each party generates secret polynomial const secretPolynomial = this.generateSecretPolynomial(); const commitments = this.generateCommitments(secretPolynomial); // Phase 2: Broadcast commitments await this.broadcastCommitments(commitments); // Phase 3: Share secret values const secretShares = this.generateSecretShares(secretPolynomial); await this.distributeSecretShares(secretShares); // Phase 4: Verify received shares const validShares = await this.verifyReceivedShares(); // Phase 5: Combine to create master keys this.masterPublicKey = this.combineMasterPublicKey(validShares); return { masterPublicKey: this.masterPublicKey, privateKeyShare: this.privateKeyShares.get(this.nodeId), publicKeyShares: this.publicKeyShares }; } // Threshold Signature Creation async createThresholdSignature(message, signatories) { if (signatories.length < this.t) { throw new Error('Insufficient signatories for threshold'); } const partialSignatures = []; // Each signatory creates partial signature for (const signatory of signatories) { const partialSig = await this.createPartialSignature(message, signatory); partialSignatures.push({ signatory: signatory, signature: partialSig, publicKeyShare: this.publicKeyShares.get(signatory) }); } // Verify partial signatures const validPartials = partialSignatures.filter(ps => this.verifyPartialSignature(message, ps.signature, ps.publicKeyShare) ); if (validPartials.length < this.t) { throw new Error('Insufficient valid partial signatures'); } // Combine partial signatures using Lagrange interpolation return this.combinePartialSignatures(message, validPartials.slice(0, this.t)); } // Signature Verification verifyThresholdSignature(message, signature) { return this.curve.verify(message, signature, this.masterPublicKey); } // Lagrange Interpolation for Signature Combination combinePartialSignatures(me