What security frameworks does this skill support?

The skill references NIST CSF 2.0, CIS Controls v8, NIST SSDF, OWASP ASVS, OWASP Top 10, MITRE ATT&CK, SLSA, and OpenSSF Scorecard.

Can it audit blockchain and smart contracts?

Yes, it includes specific guidelines for protocol invariants, upgradeability, oracle threats, and ZK circuit soundness constraints.

Is this skill useful for threat modeling?

Absolutely. It uses the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to identify risks.

How are security findings presented?

Findings are structured in a standardized format including severity, category, location, impact, and actionable recommendations with framework references.

Does it help with supply chain security?

Yes, it assesses dependency integrity, build provenance, and CI/CD pipeline security using SLSA and OpenSSF standards.

Security Research & Audit

Name: Security Research & Audit
Author: ClementWalter

byClementWalter

•

Seguridad y Pruebas

Conducts comprehensive security reviews and threat modeling based on industry-standard frameworks like NIST and OWASP.

Acerca de

This skill empowers Claude to act as a senior security researcher, providing structured audits of codebases, architectural designs, and infrastructure configurations. By leveraging canonical control frameworks such as NIST CSF 2.0, CIS Controls v8, and the OWASP Top 10, it identifies vulnerabilities across identity management, cryptography, supply chain integrity, and smart contracts. It is particularly valuable during threat modeling sessions, pull request reviews, or when preparing for high-stakes production deployments to ensure systems are resilient against modern adversary techniques.

Características Principales

Specialized audits for blockchain protocols and ZK circuit soundness
Standardized vulnerability reporting with severity and remediation steps
Multi-framework compliance mapping including NIST, CIS, and OWASP ASVS
STRIDE-based threat modeling for architecture and trust boundaries
2 GitHub stars
Supply chain security analysis using SLSA and OpenSSF Scorecard

Casos de Uso

Auditing application code and PRs for OWASP Top 10 vulnerabilities
Assessing CI/CD pipeline integrity and third-party dependency risks
Performing threat modeling for new cloud infrastructure and system designs

Acerca de

Características Principales

Specialized audits for blockchain protocols and ZK circuit soundness
Standardized vulnerability reporting with severity and remediation steps
Multi-framework compliance mapping including NIST, CIS, and OWASP ASVS
STRIDE-based threat modeling for architecture and trust boundaries
2 GitHub stars
Supply chain security analysis using SLSA and OpenSSF Scorecard

Casos de Uso

Auditing application code and PRs for OWASP Top 10 vulnerabilities
Assessing CI/CD pipeline integrity and third-party dependency risks
Performing threat modeling for new cloud infrastructure and system designs