What security standards does this skill follow?

This skill is built upon the OWASP Top 10 for identifying web vulnerabilities and the STRIDE methodology for comprehensive threat modeling during the design phase.

Can this skill help me prevent hardcoded secrets?

Yes, it provides specific guidance on using environment variables, secrets managers, and pre-commit hooks like TruffleHog to prevent sensitive data from entering your repository.

Does it support vulnerability scanning for dependencies?

The skill includes standardized auditing procedures for multiple ecosystems including JavaScript (npm), Python (pip), Go, and Rust to identify outdated or vulnerable components.

How does it assist with authentication implementation?

It provides a detailed checklist covering MFA, session rotation, password complexity policies, and secure JWT handling to ensure robust identity management.

Security Review

Name: Security Review
Author: doancan

bydoancan

•

セキュリティとテスト

Provides comprehensive security guidance based on OWASP Top 10 and STRIDE threat modeling to harden applications against vulnerabilities.

The Security Review skill equips Claude with specialized knowledge to conduct thorough security audits, implement robust authentication patterns, and perform threat modeling during the development lifecycle. By following industry standards like the OWASP Top 10 and the STRIDE methodology, this skill helps developers identify risks, manage secrets securely, and configure HTTP security headers, ensuring applications remain resilient against modern cyber threats from initial design through to production deployment.

主な機能

01Standardized HTTP security header and dependency audit configurations

02Comprehensive OWASP Top 10 compliance checklists and mitigation strategies

031 GitHub stars

04Detailed authentication and authorization framework implementation guides

05Secure coding patterns for input validation, password hashing, and output encoding

06STRIDE-based threat modeling for systematic design-phase risk analysis

ユースケース

01Designing a new feature architecture using data flow diagrams and STRIDE threat analysis

02Conducting a security audit on an existing codebase to find injection or access control flaws

03Implementing secure secret management and CI/CD dependency scanning workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add doancan/mags security-review

For use in Claude.ai and ChatGPT

Download Skill