Does it generate formal reports?

Yes, the skill includes a standardized security report template for documenting findings, risk levels, and recommended next steps.

Is it suitable for API security testing?

Absolutely. It contains specific checks for API-related vulnerabilities, including authentication tokens, JWT management, and sensitive data exposure.

Does this skill perform automated scanning?

Yes, the QA Security Scan skill can integrate with the Codex CLI MCP to perform automated security scans in addition to its manual checklist-based assessments.

Which security standards are supported?

The skill is primarily aligned with the OWASP Top 10, covering major risks like injection, broken access control, and cross-site scripting (XSS).

Can it help fix identified vulnerabilities?

Yes, it includes remediation guidance for each check, providing 'Bad' vs 'Good' code examples to help developers implement secure coding patterns.

QA Security Scan

Name: QA Security Scan
Author: takemi-ohama

bytakemi-ohama

Security & Testing

Conducts comprehensive security audits and vulnerability assessments using OWASP-aligned checklists and automated scanning integrations.

About

The QA Security Scan skill empowers Claude to perform professional-grade security evaluations of codebases and web applications. It provides structured checklists based on the OWASP Top 10, systematic verification for authentication and authorization logic, and data protection audits. By offering specific remediation patterns and integrating with tools like Codex CLI, it helps developers identify risks such as SQL injection, XSS, and broken access control early in the development lifecycle, ultimately producing structured, executive-ready security reports.

Key Features

Systematic OWASP Top 10 vulnerability checklists
Automated security report generation
Data protection and encryption auditing
0 GitHub stars
Authentication and session management verification
Codex CLI MCP integration for scanning automation

Use Cases

Generating structured security compliance reports for stakeholders
Pre-deployment security audits for web applications
Automated vulnerability scanning during development cycles

About

Key Features

Systematic OWASP Top 10 vulnerability checklists
Automated security report generation
Data protection and encryption auditing
0 GitHub stars
Authentication and session management verification
Codex CLI MCP integration for scanning automation

Use Cases

Generating structured security compliance reports for stakeholders
Pre-deployment security audits for web applications
Automated vulnerability scanning during development cycles