How does this differ from standard static analysis (SAST) tools?

Unlike static tools, this skill uses a multi-phase workflow that incorporates threat modeling and LLM-powered reasoning to identify complex logic flaws and architectural risks that simple pattern matching often misses.

Does this skill require specific AI capabilities?

Yes, this skill is optimized to work with the Gemini CLI, leveraging its large context window to analyze multiple files and directory structures simultaneously for a holistic security view.

Is it safe to run against my source code?

Yes, the skill performs a passive analysis of your source code and configurations. It does not attempt to exploit live environments or perform destructive actions on your infrastructure.

Can it help me meet compliance standards like SOC 2 or HIPAA?

While it is not a certification tool, it includes specific phases to profile your application's data sensitivity and compliance requirements to ensure the audit focuses on relevant regulatory controls.

Comprehensive Security Audit

Name: Comprehensive Security Audit
Author: Expanly

byExpanly

Seguridad y Pruebas

Conducts a multi-phase security audit featuring threat modeling, vulnerability discovery, and detailed remediation planning.

Acerca de

The Comprehensive Security Audit skill provides a structured 7-phase workflow for identifying and mitigating security risks within your codebase. By guiding developers through professional threat modeling, automated attack surface mapping, and deep vulnerability analysis powered by Gemini, it moves beyond basic automated scanning to offer contextual insights into authentication, authorization, and business logic flaws. It is an essential tool for teams preparing for production releases, conducting post-incident reviews, or ensuring compliance with major standards like OWASP Top 10, GDPR, and PCI-DSS.

Características Principales

Human-in-the-loop checkpoints for nuanced security context gathering
Context-aware threat modeling and application profiling
Detailed remediation reports with exploit scenarios and fix examples
Automated attack surface discovery and sensitive data flow mapping
Deep vulnerability analysis covering OWASP Top 10 and logic flaws
0 GitHub stars

Casos de Uso

Auditing legacy codebases for hidden vulnerabilities and technical debt
Preparing for professional penetration testing or compliance audits
Performing pre-deployment security reviews for high-stakes features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add expanly/expanly-claude-code-agents comprehensive-security-audit

For use in Claude.ai and ChatGPT

Download Skill

GitHub