Which programming languages does this security skill support?

The skill provides domain-specific security patterns for Node.js, Python, PHP, Go, Java, Kotlin, .NET (C#), Rust, and React/Frontend environments.

How does it handle third-party dependency vulnerabilities?

It prioritizes running native security audit tools (such as npm audit, pip-audit, or cargo audit) to get real-time results before cross-referencing with global CVE databases.

Does it provide actionable fixes for the vulnerabilities it finds?

Every identified risk includes a remediation plan featuring upgrade guidance, version compatibility checks, and mitigation strategies based on CVSS severity levels.

Can this skill identify logical vulnerabilities beyond static code issues?

Yes, it goes beyond simple pattern matching by utilizing taint analysis, manual logic abusability checks, and structure-aware fuzzing to find complex flaws like race conditions.

Comprehensive Security Analysis

Name: Comprehensive Security Analysis
Author: davistroy

bydavistroy

•

Security & Testing

Performs deep-dive security audits and vulnerability assessments across diverse technology stacks to identify and remediate risks.

This skill transforms Claude into a specialized security architect capable of executing a rigorous five-phase security framework. It handles everything from initial technology stack discovery and attack surface mapping to advanced vulnerability hunting using taint analysis and structure-aware fuzzing. Designed for production-grade codebases, it automates dependency auditing using native tools like npm-audit and pip-audit while providing context-aware analysis of data flows. Whether you are conducting a pre-release audit or investigating a potential breach, this skill provides actionable remediation plans and standardized CVSS risk classifications.

Key Features

01Actionable remediation planning with standardized CVSS severity scoring

02Advanced taint analysis to trace untrusted user input from source to sink

032 GitHub stars

04Multi-language support for Node.js, Python, Go, Java, .NET, Rust, and PHP

05Logic-based vulnerability hunting including race conditions and business logic flaws

06Automated dependency auditing with native tool integration and CVE verification

Use Cases

01Conducting pre-release security audits to identify injection and access control flaws

02Tracing complex data flows to prevent sensitive data exposure and PII leaks

03Automating the detection and patching of vulnerable third-party dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add davistroy/claude-marketplace security-analysis

For use in Claude.ai and ChatGPT

Download Skill