Is this skill useful for reviewing third-party dependencies?

Yes, the vulnerability scan stage explicitly includes reviewing dependency and supply chain security to catch known vulnerabilities in external packages.

How does it handle risk prioritization?

It uses a CVSS-aligned severity scale (Critical, High, Medium, Low) to rank findings based on exploitability, impact, and data exposure risk.

What security frameworks does this skill support?

This skill leverages the STRIDE framework for systematic threat identification and maps findings against the OWASP Top 10 and CWE (Common Weakness Enumeration) databases.

Can it provide actual code fixes for vulnerabilities?

Yes, every finding includes a specific remediation plan that provides secure code examples and actionable steps to resolve the identified risk.

Security Engineering

Name: Security Engineering
Author: outfitter-dev

byoutfitter-dev

•

Seguridad y Pruebas

Conducts systematic security audits and threat modeling using OWASP patterns, STRIDE analysis, and CVSS-aligned risk assessments.

The Security Engineering skill provides a professional-grade framework for auditing codebases, reviewing authentication flows, and identifying potential vulnerabilities before they reach production. It guides developers through a structured five-stage workflow—from initial threat modeling and attack surface mapping to vulnerability scanning and remediation planning. By leveraging industry standards like the OWASP Top 10 and the STRIDE framework, it helps identify critical issues such as injection vulnerabilities, broken access controls, and cryptographic failures, providing clear, severity-ranked findings with actionable code fixes.

Características Principales

01Automated mapping of application attack surfaces and trust boundaries

02STRIDE-based threat modeling and attack tree generation

032 GitHub stars

04CVSS-aligned risk assessment with severity-ranked findings

05Actionable remediation plans with secure code implementation examples

06Comprehensive vulnerability scanning against OWASP Top 10 and CWE patterns

Casos de Uso

01Performing a security-focused deep dive before major production releases

02Reviewing authentication and authorization logic for potential bypass vulnerabilities

03Auditing codebase for injection flaws, XSS, and sensitive data exposure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add outfitter-dev/outfitter security

For use in Claude.ai and ChatGPT

Download Skill