What types of vulnerabilities can it detect?

The skill focuses on the OWASP Top 10, including SQL injection, Cross-Site Scripting (XSS), CSRF, broken authentication, and sensitive data exposure.

Is the exploitation feature safe to use?

The skill is designed to use safe exploitation techniques to demonstrate proof-of-concept vulnerabilities without causing data loss or system downtime.

Does it provide a final security report?

Yes, the skill generates a comprehensive report that outlines discovered flaws, assigns risk ratings, and suggests specific code changes for remediation.

Can I use this for API security testing?

Absolutely. You can target specific API endpoints to identify flaws such as authentication bypass, improper authorization, and insecure data handling.

Does this skill require authorization to run?

Yes. You must always ensure you have explicit, written authorization before performing penetration testing or vulnerability assessments on any target system.

Security Penetration Tester

Name: Security Penetration Tester
Author: jeremylongshore

byjeremylongshore

•

883

Security & Testing

Automates web application penetration testing and vulnerability assessments to identify OWASP Top 10 threats and provide remediation guidance.

About

This skill empowers developers and security professionals to conduct automated security audits of web applications and APIs directly within the Claude Code environment. By leveraging a specialized penetration testing plugin, it systematically identifies critical vulnerabilities—including SQL injection, XSS, and CSRF—simulates safe exploitation techniques, and generates comprehensive reports with actionable remediation steps to harden your application's security posture.

Key Features

Automated OWASP Top 10 vulnerability scanning
Detailed remediation and patching recommendations
Targeted API endpoint security assessments
883 GitHub stars
Comprehensive security reporting with risk ratings
Safe exploitation technique simulations

Use Cases

Generating detailed security audit reports for compliance and stakeholder review.
Conducting a formal vulnerability assessment on production-ready API endpoints.
Identifying and remediating SQL injection and XSS vulnerabilities in a web application.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills penetration-tester

For use in Claude.ai and ChatGPT

Download Skill

GitHub