Can I use this for GDPR or HIPAA compliance?

While it includes data protection checklists relevant to GDPR and HIPAA, it should be used as a support tool for developers rather than a replacement for a formal legal or compliance certification.

How does it help with authentication logic?

The skill provides standardized patterns for secure password hashing (Argon2), JWT management, and Role-Based Access Control (RBAC) to ensure your implementation follows industry best practices.

Does this skill perform live penetration testing?

No, it provides static analysis guidance, security patterns, and checklists to help you identify vulnerabilities during development and code review within the Claude Code environment.

What tools does this skill recommend for automated scanning?

It suggests industry-standard tools like snyk and npm audit for dependencies, bandit for Python static analysis, and trufflehog for secret detection in your repository.

Security Auditing

Name: Security Auditing
Author: jeanluciano

byjeanluciano

•

Seguridad y Pruebas

Audits code for security vulnerabilities using OWASP standards, input validation checks, and comprehensive authentication reviews.

This skill equips Claude with specialized knowledge to identify and mitigate security risks across the entire software development lifecycle. It provides actionable checklists based on the OWASP Top 10, implements secure coding patterns for authentication and authorization, and offers specific commands for dependency scanning and static analysis. Whether you are building an API from scratch or reviewing a legacy codebase, this skill ensures that security best practices—from rate limiting to secrets detection—are integrated directly into your Claude Code workflow.

Características Principales

01Comprehensive input validation and sanitization checklists to prevent XSS and SQLi

02OWASP Top 10 vulnerability scanning and mitigation strategies

03API hardening protocols for rate limiting, CORS, and security headers

0420 GitHub stars

05Integration guidance for security tools like Bandit, Snyk, and TruffleHog

06Secure authentication and authorization patterns including RBAC, JWT, and OAuth

Casos de Uso

01Scanning project dependencies and source code for hardcoded secrets and API keys

02Performing a security-focused code review before merging features into production

03Designing and implementing secure user authentication and session management systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeanluciano/quaestor security-auditing

For use in Claude.ai and ChatGPT

Download Skill