Customization

Before executing, check for user customizations at:

~/.claude/pai/user/skillcustomizations/secupdates/

If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.

Voice Notification (REQUIRED)

Send this notification BEFORE doing anything else:

curl -s -X POST http://localhost:8888/notify \
  -H "Content-Type: application/json" \
  -d '{"message": "Checking security updates from sources"}' \
  > /dev/null 2>&1 &

SECUpdates Skill

Purpose: Aggregate security news from multiple sources into crisp, ranked updates across three categories.

Sources

Custom sources: Add to

user/skillcustomizations/secupdates/sources.json

Output Format

Maximum 32 items total across all categories, ranked by importance within each.

# Security Updates
**Generated:** [timestamp]
**Sources Checked:** [list]
**Period:** Since [last check date]

---

## 🔴 Security News (Breaches & Incidents)
*Hacks, breaches, exploits in the wild, incidents*

1. **[Headline]** - [1-2 sentence summary]. [Source]
2. **[Headline]** - [1-2 sentence summary]. [Source]
...

---

## 🔬 Security Research
*New vulnerabilities, CVEs, techniques, papers*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 💡 Security Ideas
*Opinions, strategies, industry trends, career*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | X | [headline] |
| Research | X | [title] |
| Ideas | X | [title] |

**Total:** x/32 items | **Next check:** Run `/secupdates` anytime

Category Definitions

🔴 Security News (Breaches & Incidents)

• Data breaches and leaks
• Active exploits and attacks
• Ransomware incidents
• State-sponsored attacks
• Major vulnerability exploitations
• Company security incidents

🔬 Security Research

• New CVEs and vulnerabilities
• Security research papers
• New attack techniques
• Tool releases
• Vulnerability disclosures
• Bug bounty findings

💡 Security Ideas

• Industry trends and analysis
• Security strategy and opinions
• Career and hiring trends
• Regulatory and compliance news
• Security culture and practices
• Predictions and forecasts

Ranking Criteria

Within each category, rank items by:

1. Impact - How many people/systems affected?
2. Recency - How new is this?
3. Actionability - Can reader do something about it?
4. Novelty - Is this genuinely new information?

State Tracking

State file:

state/last-check.json

{
  "last_check_timestamp": "2026-01-22T12:00:00.000Z",
  "sources": {
    "tldrsec": {
      "last_hash": "abc123",
      "last_checked": "2026-01-22T12:00:00.000Z",
      "last_title": "tl;dr sec #XXX"
    },
    "nosecurity": {
      "last_hash": "def456",
      "last_checked": "2026-01-22T12:00:00.000Z"
    }
  }
}

On each run:

1. Load last-check.json
2. Fetch each source
3. Compare content hash to detect new items
4. Only include items newer than last check
5. Update state file after successful run

Process Flow

Step 1: Check State

# Read last check timestamp
cat state/last-check.json

Step 2: Fetch Sources (Parallel)

Launch parallel agents to fetch each source:

Step 3: Parse & Categorize

For each item found:

1. Determine category (news/research/Ideas)
2. Extract headline and 1-2 sentence summary
3. Note source
4. Assess importance score

Step 4: Rank & Limit

1. Sort each category by importance
2. Take top items until 32 total
3. Distribute reasonably (aim for ~10-12 per category if available)

Step 5: Output & Update State

1. Generate formatted output
2. Write updated state to last-check.json

Workflow Routing

workflows/Update.md

Default: Run the Update workflow.

Key Principles

1. Crisp - 1-2 sentences per item, no fluff
2. Ranked - Most important first within each category
3. Categorized - Clear separation of news/research/Ideas
4. Deduplicated - Same story from multiple sources = one entry
5. Limited - Max 32 items total, quality over quantity
6. Stateful - Track what's been seen, only show new items

Example Output

# Security Updates
**Generated:** 2026-01-22 12:09 PST
**Sources Checked:** tldrsec, no.security, Krebs, THN, Schneier
**Period:** Since 2026-01-20

---

## 🔴 Security News (Breaches & Incidents)

1. **Microsoft Azure Breach Exposes 2M Customer Records** - Misconfigured storage blob allowed unauthorized access to customer data including emails and phone numbers. [Krebs]
2. **LockBit 4.0 Ransomware Hits Healthcare Chain** - 15 hospitals affected, patient data encrypted, $10M ransom demanded. [THN]
3. **Ivanti VPN Zero-Day Actively Exploited** - CVE-2026-XXXX being used by Chinese APT groups against government targets. [tldrsec]

---

## 🔬 Security Research

1. **New Spectre Variant Bypasses All Mitigations** - Researchers demonstrate "Spectre-NG" affecting Intel and AMD processors, no patch available. [tldrsec]
2. **OAuth Token Theft via Browser Extension** - Novel technique allows stealing tokens from any site using malicious extension. [no.security]
3. **SSRF in AWS IMDSv2** - Bypass discovered in metadata service protections. [tldrsec]

---

## 💡 Security Ideas

1. **The Death of Perimeter Security** - Caleb Sima argues zero-trust is no longer optional after recent breaches. [no.security]
2. **CISO Burnout at All-Time High** - Survey shows 70% considering leaving the field within 2 years. [tldrsec]
3. **AI-Generated Phishing Now Indistinguishable** - Schneier on the implications of LLM-powered social engineering. [Schneier]

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | 3 | Microsoft Azure Breach |
| Research | 3 | New Spectre Variant |
| Ideas | 3 | Death of Perimeter Security |

**Total:** 9/32 items | **Next check:** Run `/secupdates` anytime

Anti-Patterns