Does it generate formal reports?

Yes, the skill includes a standardized security report template for documenting findings, risk levels, and recommended next steps.

Is it suitable for API security testing?

Absolutely. It contains specific checks for API-related vulnerabilities, including authentication tokens, JWT management, and sensitive data exposure.

Does this skill perform automated scanning?

Yes, the QA Security Scan skill can integrate with the Codex CLI MCP to perform automated security scans in addition to its manual checklist-based assessments.

Which security standards are supported?

The skill is primarily aligned with the OWASP Top 10, covering major risks like injection, broken access control, and cross-site scripting (XSS).

Can it help fix identified vulnerabilities?

Yes, it includes remediation guidance for each check, providing 'Bad' vs 'Good' code examples to help developers implement secure coding patterns.

QA Security Scan

Name: QA Security Scan
Author: takemi-ohama

bytakemi-ohama

0•

Security & Testing

Conducts comprehensive security audits and vulnerability assessments using OWASP-aligned checklists and automated scanning integrations.

The QA Security Scan skill empowers Claude to perform professional-grade security evaluations of codebases and web applications. It provides structured checklists based on the OWASP Top 10, systematic verification for authentication and authorization logic, and data protection audits. By offering specific remediation patterns and integrating with tools like Codex CLI, it helps developers identify risks such as SQL injection, XSS, and broken access control early in the development lifecycle, ultimately producing structured, executive-ready security reports.

Key Features

01Systematic OWASP Top 10 vulnerability checklists

02Automated security report generation

03Data protection and encryption auditing

040 GitHub stars

05Authentication and session management verification

06Codex CLI MCP integration for scanning automation

Use Cases

01Generating structured security compliance reports for stakeholders

02Pre-deployment security audits for web applications

03Automated vulnerability scanning during development cycles

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add takemi-ohama/ai-agent-marketplace qa-security-scan

For use in Claude.ai and ChatGPT

Download Skill