Does it provide remediation advice?

Absolutely; every generated report includes detailed remediation steps to help developers fix identified security flaws effectively.

Is it safe to use on live environments?

While the skill is designed for security testing, you should always ensure you have explicit authorization and defined scopes before scanning any production system.

What tools does this skill utilize?

It utilizes the penetration-tester plugin in conjunction with filesystem tools like Grep, Glob, and Bash to analyze code and execute scans.

Can this skill perform full-scale penetration tests?

Yes, it initiates comprehensive scans on specified domains to identify vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and CSRF.

Can it test REST APIs?

Yes, the skill can target specific API endpoints to check for authentication bypasses, authorization issues, and improper data exposure.

Penetration Testing & Security Audit

Name: Penetration Testing & Security Audit
Author: jeremylongshore

byjeremylongshore

•

883

Seguridad y Pruebas

Conducts automated security vulnerability assessments and penetration tests on web applications and APIs.

Acerca de

This skill empowers Claude to act as an automated security professional, identifying critical vulnerabilities such as those found in the OWASP Top 10. By leveraging the penetration-tester plugin, it scans web applications and API endpoints to uncover flaws like SQL injection, XSS, and CSRF. It goes beyond simple identification by suggesting exploitation techniques for proof-of-concept demonstrations and generating comprehensive reports complete with risk ratings and remediation steps, making it an essential tool for developers and security engineers aiming to harden their web infrastructure.

Características Principales

883 GitHub stars
API endpoint security and authorization testing
Exploitation technique suggestions for proof-of-concept
Automated OWASP Top 10 vulnerability scanning
Actionable remediation advice and risk prioritization
Detailed penetration test report generation

Casos de Uso

Performing a full security audit on a production or staging domain
Testing specific API endpoints for authentication and authorization flaws
Generating security compliance reports for stakeholders and developers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills penetration-tester

For use in Claude.ai and ChatGPT

Download Skill

GitHub