Can it help with supply chain security?

Absolutely, it provides specific guidance and checklists for achieving SLSA compliance levels 1 through 4, covering build provenance and source integrity.

Does this skill check for OWASP vulnerabilities?

Yes, it includes a comprehensive checklist for the OWASP Top 10 including injection, broken access control, and SSRF.

How does it handle threat modeling?

It utilizes the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to identify and mitigate architectural threats.

What kind of security reports does it generate?

It generates standardized vulnerability reports that include severity levels, CVSS scores, descriptions of affected components, and actionable remediation steps.

Security Reviewer

Name: Security Reviewer
Author: jpoley

byjpoley

•

Seguridad y Pruebas

Conducts comprehensive security audits, threat modeling, and compliance verification to harden software against vulnerabilities.

The Security Reviewer skill equips Claude with the expertise of a senior security engineer to perform deep-dive code reviews, conduct STRIDE-based threat modeling, and ensure SLSA supply chain compliance. It provides structured guidance through OWASP Top 10 checklists, validates security headers, and implements secure coding patterns to prevent common exploits like injection and broken access control. Whether you are performing a pre-deployment audit or documenting security requirements, this skill ensures your development lifecycle adheres to industry-leading security standards and best practices.

Características Principales

01OWASP Top 10 vulnerability assessment and checklists

02SLSA supply chain compliance level verification

03Automated secure coding pattern implementation

048 GitHub stars

05STRIDE framework for architectural threat modeling

06Standardized vulnerability report generation with CVSS scores

Casos de Uso

01Verifying SLSA compliance for CI/CD pipeline security

02Performing automated security audits on pull requests

03Conducting architectural threat modeling during the design phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-reviewer

For use in Claude.ai and ChatGPT

Download Skill