Can this skill help with PCI DSS or GDPR compliance?

Yes, it includes specific checks for sensitive data protection, encryption, and access control that are foundational for GDPR and PCI DSS compliance.

Can I audit my server configurations with this skill?

Yes, it includes templates and checks for Apache security headers, Node.js middleware like Helmet, and rate-limiting configurations.

How does it categorize the severity of found issues?

It uses the CVSS 3.1 scoring system, ranking vulnerabilities from Low (0.1-3.9) to Critical (9.0-10.0) based on their potential impact and exploitability.

Which security standards does the Security Review skill support?

The skill is primarily based on the OWASP Top 10 2021 standards and references the CVE vulnerability database for up-to-date threat detection.

Does it provide code examples for fixing vulnerabilities?

Yes, the skill provides side-by-side comparisons of 'Dangerous' vs. 'Secure' code to guide developers through the remediation process.

Security Review

Name: Security Review
Author: Protagonistss

byProtagonistss

0•

セキュリティとテスト

Performs comprehensive security audits and vulnerability assessments based on OWASP standards to identify and mitigate code-level risks.

The Security Review skill provides advanced security analysis capabilities for Claude, enabling the identification of common vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and broken access control. By leveraging the OWASP Top 10 2021 framework and CVE databases, it evaluates codebases for authentication weaknesses, sensitive data exposure, and insecure configurations. The skill goes beyond simple detection by providing prioritized remediation plans using CVSS 3.1 scoring, secure coding examples, and integration patterns for CI/CD pipelines, making it an essential tool for developers looking to build resilient and compliant applications.

主な機能

01Automated detection of OWASP Top 10 vulnerabilities including Injection and XSS

02Configuration auditing for web servers, Node.js environments, and CI/CD workflows

03Detailed security report generation with prioritized remediation steps

04Sensitive data handling analysis and encryption implementation checks

05Comprehensive risk assessment using the CVSS 3.1 scoring system

060 GitHub stars

ユースケース

01Modernizing legacy code by replacing insecure patterns with protected coding standards

02Performing a pre-release security audit to identify critical vulnerabilities in a new feature

03Generating professional security reports for compliance checks or stakeholder reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add protagonistss/ithinku-plugins security-review

For use in Claude.ai and ChatGPT

Download Skill