Which security standards does the Security Analyst skill support?

The skill uses the OWASP Top 10 (2021), the CWE database (700+ types), CVSS v3.1 scoring, and frameworks like MITRE ATT&CK.

Can this skill help with SOC2 or ISO 27001 compliance?

Yes, it specifically maps security findings to controls in SOC2 Type II, ISO 27001:2022, PCI-DSS v4.0, HIPAA, and the NIST Cybersecurity Framework.

Does it provide code-level remediation advice?

Absolutely. For every classified vulnerability, the skill provides prioritized remediation plans including immediate patches, short-term mitigations, and long-term prevention strategies.

How does it prioritize security findings?

It uses a risk score formula (Impact × Exploitability / Detection Time) combined with CVSS scores to categorize findings into four priority tiers: Critical, High, Medium, and Low.

Security Analyst

Name: Security Analyst
Author: jpoley

byjpoley

•

보안 및 테스팅

Performs expert-level security audits, vulnerability assessments, and compliance mapping using industry standards like OWASP and CVSS v3.1.

The Security Analyst skill transforms Claude into a senior security professional with deep expertise in vulnerability triage, risk quantification, and regulatory compliance. By leveraging the CWE database and OWASP Top 10 frameworks, this skill allows users to accurately classify security findings, calculate precise CVSS v3.1 scores, and map technical gaps to major compliance standards such as SOC2, ISO 27001, HIPAA, and PCI-DSS. It is an essential tool for development teams and security engineers who need to translate complex technical vulnerabilities into actionable remediation plans and executive-level business impact reports.

주요 기능

01Precise CVSS v3.1 scoring with detailed vector justification and severity analysis

025 GitHub stars

03Automated vulnerability classification using CWE and OWASP Top 10 (2021) standards

04Cross-mapping of security findings to SOC2, ISO 27001, HIPAA, and PCI-DSS controls

05Business risk quantification including ALE, SLE, and qualitative impact assessment

06Prioritized remediation guidance with estimated effort and ROI metrics

사용 사례

01Triaging and prioritizing security scanner outputs from tools like Semgrep, Snyk, or OWASP ZAP

02Generating executive summaries that translate technical vulnerabilities into business risk for stakeholders

03Mapping codebase weaknesses to specific regulatory compliance requirements during pre-audit reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-analyst

For use in Claude.ai and ChatGPT

Download Skill