Skip to content

Releases: usesecure/secure-skill

Release list

Secure v2.0.0

Choose a tag to compare

@danielcadev danielcadev released this 15 Jul 13:16

Secure v2.0.0

Secure v2 establishes one canonical installable skill with a stable operating
contract and reproducible evidence.

Highlights

  • one secure skill with concise discovery metadata and progressive disclosure;
  • explicit review, diff-review, audit, threat-model, fix, and verify modes;
  • local read-only scanners with versioned JSON, redaction, limits, and path safety;
  • a preserved 21-case Node.js baseline plus vulnerable/safe pairs for TypeScript,
    Python, Go, Rust, and Java;
  • public matched runs, held-out fix verification, activation trials, transcripts,
    and scoring rules;
  • a responsive technical site that links the public evidence and states the
    evaluation and authorization limits directly;
  • deterministic local validation, clean-install checks, and a release distribution
    workflow.

Evaluation snapshot

Using gpt-5.6-sol at medium reasoning on the versioned v2 suite, Secure recorded
100% seeded detection, 0% safe-control false positives, and 5/5 held-out fixes.
Three metadata activation trials recorded 100% positive activation and 0% false
activation. The no-Secure comparison also detected all seeded findings, used
fewer tokens, and completed 4/5 held-out fixes.

These results describe this small fixture suite only. They do not prove complete
application security or generalize to every model, repository, or deployment.