What is the Ghost Security Validator skill?

It is a specialized Claude Code skill that analyzes application code and live environments to determine if a reported security finding is a true positive or a false positive.

Which vulnerability classes can this skill validate?

It is designed to validate a wide range of vulnerabilities, including BFLA, BOLA (IDOR), SQL injection, XSS, SSRF, and general authentication flaws.

Does it provide remediation advice?

Yes, for every True Positive finding, the skill provides a specific recommendation on how to fix the vulnerability, such as adding ownership checks or sanitizing inputs.

Can I use it with my own security scanner results?

Absolutely. You can provide findings via file paths or pasted text, and the skill will extract the relevant details to begin the validation workflow.

How does it handle live vulnerability testing?

The skill can utilize a proxy to intercept, modify, and replay requests against a running application to confirm if a specific exploit vector is actually reachable and successful.

Ghost Security Validator

Name: Ghost Security Validator
Author: ghostsecurity

byghostsecurity

•

357

•

セキュリティとテスト

Validates security vulnerability findings by tracing data flows, analyzing source code, and verifying exploit conditions.

Ghost Security Validator is a specialized skill designed for AI coding agents to accurately triage and confirm security vulnerabilities within an application. By performing deep data flow analysis, verifying authentication and authorization logic, and optionally utilizing the Reaper proxy for live exploit testing, it distinguishes between true positives and false positives with high precision. This skill is indispensable for security engineers and developers who need to automate the triage process of security scanner outputs or manual findings, providing detailed evidence and actionable remediation advice for every validated threat.

主な機能

01Automated data flow tracing and source code analysis to verify vulnerability claims.

02Direct persistence of validation results into existing security finding documentation.

03Deep inspection of middleware, helpers, and ORM constraints to identify hidden protections.

04Standardized reporting with confidence levels and specific code-level evidence.

05357 GitHub stars

06Live exploit verification using integrated proxy tools for real-world confirmation.

ユースケース

01Confirming complex business logic flaws like BOLA or BFLA through authenticated live testing.

02Generating detailed remediation reports and evidence for security audit compliance.

03Triaging high volumes of static analysis (SAST) or dynamic analysis (DAST) scanner outputs.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ghostsecurity/skills validate

For use in Claude.ai and ChatGPT

Download Skill