Secure v2.0.0
Secure v2 establishes one canonical installable skill with a stable operating
contract and reproducible evidence.
Highlights
- one
secureskill with concise discovery metadata and progressive disclosure; - explicit review, diff-review, audit, threat-model, fix, and verify modes;
- local read-only scanners with versioned JSON, redaction, limits, and path safety;
- a preserved 21-case Node.js baseline plus vulnerable/safe pairs for TypeScript,
Python, Go, Rust, and Java; - public matched runs, held-out fix verification, activation trials, transcripts,
and scoring rules; - a responsive technical site that links the public evidence and states the
evaluation and authorization limits directly; - deterministic local validation, clean-install checks, and a release distribution
workflow.
Evaluation snapshot
Using gpt-5.6-sol at medium reasoning on the versioned v2 suite, Secure recorded
100% seeded detection, 0% safe-control false positives, and 5/5 held-out fixes.
Three metadata activation trials recorded 100% positive activation and 0% false
activation. The no-Secure comparison also detected all seeded findings, used
fewer tokens, and completed 4/5 held-out fixes.
These results describe this small fixture suite only. They do not prove complete
application security or generalize to every model, repository, or deployment.