How does this differ from standard static analysis (SAST) tools?

Unlike static tools, this skill uses a multi-phase workflow that incorporates threat modeling and LLM-powered reasoning to identify complex logic flaws and architectural risks that simple pattern matching often misses.

Does this skill require specific AI capabilities?

Yes, this skill is optimized to work with the Gemini CLI, leveraging its large context window to analyze multiple files and directory structures simultaneously for a holistic security view.

Is it safe to run against my source code?

Yes, the skill performs a passive analysis of your source code and configurations. It does not attempt to exploit live environments or perform destructive actions on your infrastructure.

Can it help me meet compliance standards like SOC 2 or HIPAA?

While it is not a certification tool, it includes specific phases to profile your application's data sensitivity and compliance requirements to ensure the audit focuses on relevant regulatory controls.

Comprehensive Security Audit

Name: Comprehensive Security Audit
Author: Expanly

byExpanly

0•

보안 및 테스팅

Conducts a multi-phase security audit featuring threat modeling, vulnerability discovery, and detailed remediation planning.

The Comprehensive Security Audit skill provides a structured 7-phase workflow for identifying and mitigating security risks within your codebase. By guiding developers through professional threat modeling, automated attack surface mapping, and deep vulnerability analysis powered by Gemini, it moves beyond basic automated scanning to offer contextual insights into authentication, authorization, and business logic flaws. It is an essential tool for teams preparing for production releases, conducting post-incident reviews, or ensuring compliance with major standards like OWASP Top 10, GDPR, and PCI-DSS.

주요 기능

01Human-in-the-loop checkpoints for nuanced security context gathering

02Context-aware threat modeling and application profiling

03Detailed remediation reports with exploit scenarios and fix examples

04Automated attack surface discovery and sensitive data flow mapping

05Deep vulnerability analysis covering OWASP Top 10 and logic flaws

060 GitHub stars

사용 사례

01Auditing legacy codebases for hidden vulnerabilities and technical debt

02Preparing for professional penetration testing or compliance audits

03Performing pre-deployment security reviews for high-stakes features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add expanly/expanly-claude-code-agents comprehensive-security-audit

For use in Claude.ai and ChatGPT

주요 기능

01Human-in-the-loop checkpoints for nuanced security context gathering

02Context-aware threat modeling and application profiling

03Detailed remediation reports with exploit scenarios and fix examples

04Automated attack surface discovery and sensitive data flow mapping

05Deep vulnerability analysis covering OWASP Top 10 and logic flaws

060 GitHub stars

사용 사례

01Auditing legacy codebases for hidden vulnerabilities and technical debt

02Preparing for professional penetration testing or compliance audits

03Performing pre-deployment security reviews for high-stakes features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add expanly/expanly-claude-code-agents comprehensive-security-audit

For use in Claude.ai and ChatGPT