Can it scan external dependencies?

Yes, it uses integrated WebSearch and WebFetch tools to cross-reference your project's framework and library versions against the latest authoritative CVE databases and advisories.

Can it audit database access controls?

Yes, it analyzes database schemas and query patterns using MCP tools to ensure least-privilege access and identify potential tenancy isolation breaches or weak row filtering.

How does the Security Review skill identify vulnerabilities?

It uses a combination of static code analysis, threat modeling frameworks like STRIDE, and dynamic testing simulations to find authorization gaps, session flaws, and injection vulnerabilities.

What security standards does it follow?

The skill aligns its assessments with industry-standard benchmarks including the OWASP ASVS (Application Security Verification Standard) and the OWASP API Security Top 10.

Does it provide remediation steps?

Every finding includes a detailed impact analysis, a concrete exploit path, and specific code-level fix recommendations along with verification steps to ensure the patch works.

Security Review & Vulnerability Analysis

Name: Security Review & Vulnerability Analysis
Author: EdWrld

byEdWrld

Seguridad y Pruebas

Conducts deep adversarial security audits of API endpoints, UI flows, and database interactions to identify and fix vulnerabilities.

Acerca de

This skill empowers Claude to perform comprehensive, red-team style security assessments across your entire application stack. It systematically maps API endpoints to UI flows, performs threat modeling using frameworks like STRIDE and OWASP, and executes deep-dive audits into authorization gaps, injection surfaces, and session management. Whether you are conducting a routine permission audit or a complex vulnerability analysis, this skill provides actionable reports featuring prioritized findings, concrete exploit paths, and step-by-step remediation guidance to harden your codebase.

Características Principales

0 GitHub stars
Red-team style threat modeling using STRIDE and LINDDUN frameworks
Real-time vulnerability intelligence via WebSearch for dependencies and CVEs
Comprehensive API and UI flow mapping to identify trust boundaries
Prioritized reporting with concrete exploit paths and fix recommendations
Deep-dive auditing for IDOR, privilege escalation, and injection vulnerabilities

Casos de Uso

Auditing a new feature's API endpoints for horizontal and vertical privilege escalation
Investigating potential business logic flaws and rate-limiting gaps in critical workflows
Performing a pre-release security scan of database-interacting code and input validation

Acerca de

Características Principales

0 GitHub stars
Red-team style threat modeling using STRIDE and LINDDUN frameworks
Real-time vulnerability intelligence via WebSearch for dependencies and CVEs
Comprehensive API and UI flow mapping to identify trust boundaries
Prioritized reporting with concrete exploit paths and fix recommendations
Deep-dive auditing for IDOR, privilege escalation, and injection vulnerabilities

Casos de Uso

Auditing a new feature's API endpoints for horizontal and vertical privilege escalation
Investigating potential business logic flaws and rate-limiting gaps in critical workflows
Performing a pre-release security scan of database-interacting code and input validation