Can it detect hardcoded secrets and API keys?

Yes, it is specifically configured to identify hardcoded tokens, private keys, and PII (Personally Identifiable Information) that should not be stored in your repository.

Does this skill modify my source code automatically?

No, the Security Review skill is designed to use read-only tools to analyze your files and provide remediation guidance for you to review and implement manually.

What methodology does the skill use for threat modeling?

The skill typically follows the STRIDE framework, focusing on Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How does it handle third-party dependency risks?

It reviews lockfiles and new dependencies to ensure they are minimal, justified, and vetted for known risks before they are integrated into your project.

Security Review Specialist

Name: Security Review Specialist
Author: nicholasgriffintn

bynicholasgriffintn

セキュリティとテスト

Conducts comprehensive security audits, threat modeling, and remediation guidance for software projects using standardized safety frameworks.

概要

The Security Review skill empowers Claude to perform deep-dive security assessments across your codebase, focusing on critical areas such as authentication, data validation, and secrets management. By utilizing read-only tools like Grep and Glob, it identifies potential vulnerabilities—including unsanitized inputs, hardcoded credentials, and dependency risks—without making unauthorized changes. It follows a structured workflow to provide actionable remediation notes and ensure that security best practices, such as the STRIDE model, are integrated directly into your development lifecycle.

主な機能

Validation of authentication and authorization logic for least-privilege compliance.
Input/Output sanitization audits to prevent injection, XSS, and SSRF attacks.
Automated threat modeling to identify entry points and trust boundaries.
0 GitHub stars
Security-focused dependency risk assessment and lockfile verification.
Deep scan for hardcoded secrets, PII, and sensitive credentials in logs or configs.

ユースケース

Reviewing code changes for new public endpoints or external API integrations.
Evaluating third-party dependency upgrades for potential supply chain vulnerabilities.
Auditing authentication and permission systems after a major architecture refactor.

概要

主な機能

Validation of authentication and authorization logic for least-privilege compliance.
Input/Output sanitization audits to prevent injection, XSS, and SSRF attacks.
Automated threat modeling to identify entry points and trust boundaries.
0 GitHub stars
Security-focused dependency risk assessment and lockfile verification.
Deep scan for hardcoded secrets, PII, and sensitive credentials in logs or configs.

ユースケース

Reviewing code changes for new public endpoints or external API integrations.
Evaluating third-party dependency upgrades for potential supply chain vulnerabilities.
Auditing authentication and permission systems after a major architecture refactor.