Does it support Zero Trust architecture?

Yes, the skill is built on key principles including Zero Trust, Least Privilege, Defense in Depth, and Security by Design.

What kind of vulnerability reports does the skill generate?

It generates reports that classify findings by severity—Critical, High, Medium, and Low—providing clear impact descriptions and recommended response timelines.

Which tools does the skill use to analyze code?

The skill utilizes Read, Write, Grep, Glob, Bash, and WebSearch to thoroughly scan the codebase for insecure patterns and cross-reference with security databases.

How does this skill use OWASP guidelines?

It performs a systematic check against the OWASP Top 10 list, including Injection, Broken Access Control, and SSRF, ensuring the codebase meets industry-standard security benchmarks.

Can it help with authentication design?

Yes, it provides specific recommendations for JWT, session management, and authorization models like RBAC and ABAC to ensure secure user access.

Security Review & Vulnerability Analysis

Name: Security Review & Vulnerability Analysis
Author: aimskr

byaimskr

Security & Testing

Performs systematic security audits and vulnerability assessments based on OWASP guidelines to ensure robust application architecture.

About

The Security Review skill provides a structured framework for auditing codebases, designing secure authentication systems, and identifying potential vulnerabilities before deployment. By following a multi-phase process—ranging from attack surface mapping to rigorous OWASP Top 10 verification—it helps developers implement Zero Trust principles and Defense in Depth strategies. It automates the identification of critical risks such as injection and broken access control while providing prioritized remediation reports and long-term security design recommendations to harden your application against modern threats.

Key Features

0 GitHub stars
Systematic OWASP Top 10 (2021) vulnerability verification and checklist
Secure design recommendations for JWT, session management, and RBAC/ABAC models
Sensitive data flow tracing to prevent cryptographic failures and data leaks
Comprehensive attack surface mapping for inputs, file uploads, and API endpoints
Prioritized vulnerability reporting with severity classification (Critical to Low)

Use Cases

Pre-deployment security checklist verification for production-ready codebases
Designing and auditing complex authentication and authorization workflows
Identifying and remediating sensitive data handling flaws in legacy systems

About

Key Features

0 GitHub stars
Systematic OWASP Top 10 (2021) vulnerability verification and checklist
Secure design recommendations for JWT, session management, and RBAC/ABAC models
Sensitive data flow tracing to prevent cryptographic failures and data leaks
Comprehensive attack surface mapping for inputs, file uploads, and API endpoints
Prioritized vulnerability reporting with severity classification (Critical to Low)

Use Cases

Pre-deployment security checklist verification for production-ready codebases
Designing and auditing complex authentication and authorization workflows
Identifying and remediating sensitive data handling flaws in legacy systems