SECUpdates
について
SECUpdatesは、tldrsecやno.securityなどのソースからセキュリティニュースを集約し、侵害事例、研究、脆弱性に関する簡潔でランク付けされた最新情報を提供します。最新のセキュリティニュース、アップデート、または侵害情報が必要な場合にご利用ください。ユーザーカスタマイズをサポートし、実行前にローカル通知を送信します。
クイックインストール
Claude Code
推奨/plugin add https://github.com/majiayu000/claude-skill-registrygit clone https://github.com/majiayu000/claude-skill-registry.git ~/.claude/skills/SECUpdatesこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Customization
Before executing, check for user customizations at:
~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/SECUpdates/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
Voice Notification (REQUIRED)
Send this notification BEFORE doing anything else:
curl -s -X POST http://localhost:8888/notify \
-H "Content-Type: application/json" \
-d '{"message": "Checking security updates from sources"}' \
> /dev/null 2>&1 &
SECUpdates Skill
Purpose: Aggregate security news from multiple sources into crisp, ranked updates across three categories.
Sources
| Source | URL | Type |
|---|---|---|
| tl;dr sec | https://tldrsec.com | Newsletter/RSS - comprehensive security roundup |
| No Security | https://no.security | Caleb Sima's security insights |
| Krebs on Security | https://krebsonsecurity.com | Investigative security journalism |
| The Hacker News | https://thehackernews.com | Security news and analysis |
| Schneier on Security | https://schneier.com | Bruce Schneier's security blog |
| Risky Business | https://risky.biz | Security podcast/news |
Custom sources: Add to USER/SKILLCUSTOMIZATIONS/SECUpdates/sources.json
Output Format
Maximum 32 items total across all categories, ranked by importance within each.
# Security Updates
**Generated:** [timestamp]
**Sources Checked:** [list]
**Period:** Since [last check date]
---
## 🔴 Security News (Breaches & Incidents)
*Hacks, breaches, exploits in the wild, incidents*
1. **[Headline]** - [1-2 sentence summary]. [Source]
2. **[Headline]** - [1-2 sentence summary]. [Source]
...
---
## 🔬 Security Research
*New vulnerabilities, CVEs, techniques, papers*
1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...
---
## 💡 Security Ideas
*Opinions, strategies, industry trends, career*
1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...
---
## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | X | [headline] |
| Research | X | [title] |
| Ideas | X | [title] |
**Total:** X/32 items | **Next check:** Run `/secupdates` anytime
Category Definitions
🔴 Security News (Breaches & Incidents)
- Data breaches and leaks
- Active exploits and attacks
- Ransomware incidents
- State-sponsored attacks
- Major vulnerability exploitations
- Company security incidents
🔬 Security Research
- New CVEs and vulnerabilities
- Security research papers
- New attack techniques
- Tool releases
- Vulnerability disclosures
- Bug bounty findings
💡 Security Ideas
- Industry trends and analysis
- Security strategy and opinions
- Career and hiring trends
- Regulatory and compliance news
- Security culture and practices
- Predictions and forecasts
Ranking Criteria
Within each category, rank items by:
- Impact - How many people/systems affected?
- Recency - How new is this?
- Actionability - Can reader do something about it?
- Novelty - Is this genuinely new information?
State Tracking
State file: State/last-check.json
{
"last_check_timestamp": "2026-01-22T12:00:00.000Z",
"sources": {
"tldrsec": {
"last_hash": "abc123",
"last_checked": "2026-01-22T12:00:00.000Z",
"last_title": "tl;dr sec #XXX"
},
"nosecurity": {
"last_hash": "def456",
"last_checked": "2026-01-22T12:00:00.000Z"
}
}
}
On each run:
- Load last-check.json
- Fetch each source
- Compare content hash to detect new items
- Only include items newer than last check
- Update state file after successful run
Process Flow
Step 1: Check State
# Read last check timestamp
cat ~/.claude/skills/SECUpdates/State/last-check.json
Step 2: Fetch Sources (Parallel)
Launch parallel agents to fetch each source:
| Agent | Source | Method |
|---|---|---|
| Agent 1 | tldrsec.com | WebFetch latest newsletter |
| Agent 2 | no.security | WebFetch recent posts |
| Agent 3 | krebsonsecurity.com | WebFetch recent articles |
| Agent 4 | thehackernews.com | WebFetch headlines |
| Agent 5 | schneier.com | WebFetch recent posts |
Step 3: Parse & Categorize
For each item found:
- Determine category (News/Research/Ideas)
- Extract headline and 1-2 sentence summary
- Note source
- Assess importance score
Step 4: Rank & Limit
- Sort each category by importance
- Take top items until 32 total
- Distribute reasonably (aim for ~10-12 per category if available)
Step 5: Output & Update State
- Generate formatted output
- Write updated state to last-check.json
Workflow Routing
| Workflow | Trigger | File |
|---|---|---|
| Update | "security updates", "sec updates", "/secupdates", "what's new in security" | Workflows/Update.md |
Default: Run the Update workflow.
Key Principles
- Crisp - 1-2 sentences per item, no fluff
- Ranked - Most important first within each category
- Categorized - Clear separation of News/Research/Ideas
- Deduplicated - Same story from multiple sources = one entry
- Limited - Max 32 items total, quality over quantity
- Stateful - Track what's been seen, only show new items
Example Output
# Security Updates
**Generated:** 2026-01-22 12:09 PST
**Sources Checked:** tldrsec, no.security, Krebs, THN, Schneier
**Period:** Since 2026-01-20
---
## 🔴 Security News (Breaches & Incidents)
1. **Microsoft Azure Breach Exposes 2M Customer Records** - Misconfigured storage blob allowed unauthorized access to customer data including emails and phone numbers. [Krebs]
2. **LockBit 4.0 Ransomware Hits Healthcare Chain** - 15 hospitals affected, patient data encrypted, $10M ransom demanded. [THN]
3. **Ivanti VPN Zero-Day Actively Exploited** - CVE-2026-XXXX being used by Chinese APT groups against government targets. [tldrsec]
---
## 🔬 Security Research
1. **New Spectre Variant Bypasses All Mitigations** - Researchers demonstrate "Spectre-NG" affecting Intel and AMD processors, no patch available. [tldrsec]
2. **OAuth Token Theft via Browser Extension** - Novel technique allows stealing tokens from any site using malicious extension. [no.security]
3. **SSRF in AWS IMDSv2** - Bypass discovered in metadata service protections. [tldrsec]
---
## 💡 Security Ideas
1. **The Death of Perimeter Security** - Caleb Sima argues zero-trust is no longer optional after recent breaches. [no.security]
2. **CISO Burnout at All-Time High** - Survey shows 70% considering leaving the field within 2 years. [tldrsec]
3. **AI-Generated Phishing Now Indistinguishable** - Schneier on the implications of LLM-powered social engineering. [Schneier]
---
## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | 3 | Microsoft Azure Breach |
| Research | 3 | New Spectre Variant |
| Ideas | 3 | Death of Perimeter Security |
**Total:** 9/32 items | **Next check:** Run `/secupdates` anytime
Anti-Patterns
| ❌ Bad | ✅ Good |
|---|---|
| Long paragraph summaries | 1-2 crisp sentences |
| "Read more at..." | Summary + source attribution |
| Unranked list dumps | Importance-ordered items |
| 50+ items | Max 32, quality curated |
| Mixing categories | Clear News/Research/Ideas separation |
| Old news mixed with new | Only items since last check |
GitHub リポジトリ
関連スキル
algorithmic-art
メタThis Claude Skill creates original algorithmic art using p5.js with seeded randomness and interactive parameters. It generates .md files for algorithmic philosophies, plus .html and .js files for interactive generative art implementations. Use it when developers need to create flow fields, particle systems, or other computational art while avoiding copyright issues.
subagent-driven-development
開発This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.
executing-plans
デザインUse the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.
cost-optimization
その他This Claude Skill helps developers optimize cloud costs through resource rightsizing, tagging strategies, and spending analysis. It provides a framework for reducing cloud expenses and implementing cost governance across AWS, Azure, and GCP. Use it when you need to analyze infrastructure costs, right-size resources, or meet budget constraints.