How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-ownership-map support?

security-ownership-map works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-ownership-map free to use?

Yes. security-ownership-map is free to install and use. It is available from the open explainx.ai skill registry published by tech-leads-club.

Where can I read ratings and reviews for security-ownership-map?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install security-ownership-map?

Run `npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map` in your terminal. You need to have run `npx skills init` once in your project first.

security

security-ownership-map▌

tech-leads-club/agent-skills · updated May 23, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map

0 commentsdiscussion

summary

'Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Use when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do NOT use for general maintainer lists, non-security ownership questions, or threat modeling (use security-threat-model).'

skill.md

name	security-ownership-map
description	'Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Use when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do NOT use for general maintainer lists, non-security ownership questions, or threat modeling (use security-threat-model).'
metadata	author: github.com/openai/skills version: '1.0.0'

Security Ownership Map

Overview

Build a bipartite graph of people and files from git history, then compute ownership risk and export graph artifacts for Neo4j/Gephi. Also build a file co-change graph (Jaccard similarity on shared commits) to cluster files by how they move together while ignoring large, noisy commits.

Requirements

Python 3
networkx (required; community detection is enabled by default)

Install with:

pip install networkx

Workflow

Scope the repo and time window (optional --since/--until).
Decide sensitivity rules (use defaults or provide a CSV config).
Build the ownership map with scripts/run_ownership_map.py (co-change graph is on by default; use --cochange-max-files to ignore supernode commits).
Communities are computed by default; graphml output is optional (--graphml).
Query the outputs with scripts/query_ownership.py for bounded JSON slices.
Persist and visualize (see references/neo4j-import.md).

By default, the co-change graph ignores common “glue” files (lockfiles, .github/*, editor config) so clusters reflect actual code movement instead of shared infra edits. Override with --cochange-exclude or --no-default-cochange-excludes. Dependabot commits are excluded by default; override with --no-default-author-excludes or add patterns via --author-exclude-regex.

If you want to exclude Linux build glue like Kbuild from co-change clustering, pass:

python skills/skills/security-ownership-map/scripts/run_ownership_map.py \
  --repo /path/to/linux \
  --out ownership-map-out \
  --cochange-exclude "**/Kbuild"

Quick start

Run from the repo root:

python skills/skills/security-ownership-map/scripts/run_ownership_map.py \
  --repo . \
  --out ownership-map-out \
  --since "12 months ago" \
  --emit-commits

Defaults: author identity, author date, and merge commits excluded. Use --identity committer, --date-field committer, or --include-merges if needed.

Example (override co-change excludes):

python skills/skills/security-ownership-map/scripts/run_ownership_map.py \
  --repo . \
  --out ownership-map-out \
  --cochange-exclude "**/Cargo.lock" \
  --cochange-exclude "**/.github/**" \
  --no-default-cochange-excludes

Communities are computed by default. To disable:

python skills/skills/security-ownership-map/scripts/run_ownership_map.py \
  --repo . \
  --out ownership-map-out \
  --no-communities

Sensitivity rules

By default, the script flags common auth/crypto/secret paths. Override by providing a CSV file:

# pattern,tag,weight
**/auth/**,auth,1.0
**/crypto/**,crypto,1.0
**/*.pem,secrets,1.0

Use it with --sensitive-config path/to/sensitive.csv.

Output artifacts

ownership-map-out/ contains:

people.csv (nodes: people)
files.csv (nodes: files)
edges.csv (edges: touches)
cochange_edges.csv (file-to-file co-change edges with Jaccard weight; omitted with --no-cochange)
summary.json (security ownership findings)
commits.jsonl (optional, if --emit-commits)
communities.json (computed by default from co-change edges when available; includes maintainers per community; disable with --no-communities)
cochange.graph.json (NetworkX node-link JSON with community_id + community_maintainers; falls back to ownership.graph.json if no co-change edges)
ownership.graphml / cochange.graphml (optional, if --graphml)

people.csv includes timezone detection based on author commit offsets: primary_tz_offset, primary_tz_minutes, and timezone_offsets.

LLM query helper

Use scripts/query_ownership.py to return small, JSON-bounded slices without loading the full graph into context.

Examples:

python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out people --limit 10
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out files --tag auth --bus-factor-max 1
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out person --person alice@corp --limit 10
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out file --file crypto/tls
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out cochange --file crypto/tls --limit 10
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out summary --section orphaned_sensitive_code
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out community --id 3

Use --community-top-owners 5 (default) to control how many maintainers are stored per community.

Basic security queries

Run these to answer common security ownership questions with bounded output:

# Orphaned sensitive code (stale + low bus factor)
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out summary --section orphaned_sensitive_code

# Hidden owners for sensitive tags
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out summary --section hidden_owners

# Sensitive hotspots with low bus factor
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out summary --section bus_factor_hotspots

# Auth/crypto files with bus factor <= 1
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out files --tag auth --bus-factor-max 1
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out files --tag crypto --bus-factor-max 1

# Who is touching sensitive code the most
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out people --sort sensitive_touches --limit 10

# Co-change neighbors (cluster hints for ownership drift)
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out cochange --file path/to/file --min-jaccard 0.05 --limit 20

# Community maintainers (for a cluster)
python skills/skills/security-ownership-map/scripts/query_ownership.py --data-dir ownership-map-out community --id 3

# Monthly maintainers for the community containing a file
python skills/skills/security-ownership-map/scripts/community_maintainers.py \
  --data-dir ownership-map-out \
  --file network/card.c \
  --since 2025-01-01 \
  --top 5

# Quarterly buckets instead of monthly
python skills/skills/security-ownership-map/scripts/community_maintainers.py \
  --data-dir ownership-map-out \
  --file network/card.c \
  --since 2025-01-01 \
  --bucket quarter \
  --top 5

Notes:

Touches default to one authored commit (not per-file). Use --touch-mode file to count per-file touches.
Use --window-days 90 or --weight recency --half-life-days 180 to smooth churn.
Filter bots with --ignore-author-regex '(bot|dependabot)'.
Use --min-share 0.1 to show stable maintainers only.
Use --bucket quarter for calendar quarter groupings.
Use --identity committer or --date-field committer to switch from author attribution.
Use --include-merges to include merge commits (excluded by default).

Summary format (default)

Use this structure, add fields if needed:

{
  "orphaned_sensitive_code": [
    {
      "path": "crypto/tls/handshake.rs",
      "last_security_touch": "2023-03-12T18:10:04+00:00",
      "bus_factor": 1
    }
  ],
  "hidden_owners": [
    {
      "person": "alice@corp",
      "controls": "63% of auth code"
    }
  ]
}

Graph persistence

Use references/neo4j-import.md when you need to load the CSVs into Neo4j. It includes constraints, import Cypher, and visualization tips.

Notes

bus_factor_hotspots in summary.json lists sensitive files with low bus factor; orphaned_sensitive_code is the stale subset.
If git log is too large, narrow with --since or --until.
Compare summary.json against CODEOWNERS to highlight ownership drift.

how to use security-ownership-map

How to use security-ownership-map on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your development machine
›Node.js version 16.0+ with npm package manager (verify with node --version)
›Active project directory or workspace where you want to add security-ownership-map

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/tech-leads-club/agent-skills --skill security-ownership-map

The skills CLI fetches security-ownership-map from GitHub repository tech-leads-club/agent-skills and configures it for Cursor.

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ── always included ────

│ • Amp

│ • Antigravity

│ • Cline

│ • Codex

│ ●Cursor(selected)

│ • Cursor

│ • Windsurf

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/security-ownership-map

Reload or restart Cursor to activate security-ownership-map. Access the skill through slash commands (e.g., /security-ownership-map) or your agent's skill management interface.

⚠

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

›View source code on GitHub ›Skills CLI documentation ›Learn more about Cursor ›What are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases▌

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

✓

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

✓

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

✓

Improve work quality by 30-40% with less effort

Implementation Guide▌

Prerequisites

›Claude Desktop or compatible AI client with skill support
›Clear understanding of task or problem to solve
›Willingness to iterate and refine outputs

Time Estimate

15-45 minutes depending on use case complexity

Installation Steps

1.Install skill using provided installation command
2.Test with simple use case relevant to your work
3.Evaluate output quality and relevance
4.Iterate on prompts to improve results
5.Integrate into regular workflow if valuable

Common Pitfalls

⚠Expecting perfect results without iteration
⚠Not providing enough context in prompts
⚠Using skill for tasks outside its intended scope
⚠Accepting outputs without review and validation

Best Practices▌

✓ Do

+Start with clear, specific prompts
+Provide relevant context and constraints
+Review and refine all outputs before using
+Iterate to improve output quality
+Document successful prompt patterns

✗ Don't

−Don't use without understanding skill limitations
−Don't skip validation of outputs
−Don't share sensitive information in prompts
−Don't expect skill to replace human judgment

💡 Pro Tips

★Be specific about desired format and style
★Ask for multiple options to choose from
★Request explanations to understand reasoning
★Combine AI efficiency with human expertise

When to Use This▌

✓ Use When

Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.

✗ Avoid When

Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.

Learning Path▌

1Familiarize yourself with skill capabilities and limitations
2Start with low-risk, non-critical tasks
3Progress to more complex and valuable use cases
4Build expertise through regular use and experimentation

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★26 reviews

★★★★★Shikha Mishra· Dec 20, 2024
security-ownership-map fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Lucas Taylor· Dec 20, 2024
We added security-ownership-map from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Ganesh Mohane· Dec 12, 2024
Keeps context tight: security-ownership-map is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Sakshi Patil· Nov 3, 2024
security-ownership-map has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Chaitanya Patil· Oct 22, 2024
Solid pick for teams standardizing on skills: security-ownership-map is focused, and the summary matches what you get after install.
★★★★★Ama Desai· Sep 25, 2024
Keeps context tight: security-ownership-map is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Anaya Ghosh· Sep 17, 2024
security-ownership-map is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Rahul Santra· Sep 13, 2024
Registry listing for security-ownership-map matched our evaluation — installs cleanly and behaves as described in the markdown.
★★★★★Olivia Rahman· Aug 16, 2024
security-ownership-map is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Naina Singh· Aug 8, 2024
Keeps context tight: security-ownership-map is the kind of skill you can hand to a new teammate without a long onboarding doc.

showing 1-10 of 26

1 / 3