Does it provide actionable remediation advice?

Every security finding includes a detailed impact assessment and specific, prioritized remediation steps to help developers fix the issues immediately.

Does this skill replace manual security testing?

It complements manual testing by automating standard scans and identifying common patterns, while providing a framework for expert manual review to catch complex logic-based vulnerabilities.

What vulnerability standards does it follow?

The skill references industry standards including the OWASP Top 10, CWE, and CIS benchmarks to ensure comprehensive coverage of security risks.

Can I use this for cloud infrastructure security?

Yes, the skill includes specialized guidance for infrastructure-as-code audits, cloud configuration reviews, and DevSecOps pipeline security.

Security Reviewer

Name: Security Reviewer
Author: Jeffallan

byJeffallan

•

Security & Testing

Performs comprehensive security audits and vulnerability assessments using SAST, penetration testing, and infrastructure analysis.

The Security Reviewer skill transforms Claude into a senior security analyst capable of performing end-to-end application security audits. It combines automated scanning tools like SAST and secret detection with expert manual code analysis to identify critical vulnerabilities such as SQL injection, XSS, and broken authentication. Designed for DevSecOps workflows, this skill provides actionable reports featuring CVSS-based severity ratings, specific file locations, and remediation guidance to harden both application code and cloud infrastructure.

Key Features

01Automated Static Analysis Security Testing (SAST) and dependency auditing

02Identification of hardcoded secrets, API keys, and sensitive credentials

03Manual logic review for authentication and authorization flaws

04Infrastructure-as-Code (IaC) and cloud security configuration scanning

057 GitHub stars

06Comprehensive reporting with severity ratings and remediation steps

Use Cases

01Validating cloud infrastructure templates against security best practices

02Conducting a pre-production security audit to identify critical vulnerabilities

03Scanning repositories for leaked secrets or insecure dependency versions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeffallan/claude-skills security-reviewer

For use in Claude.ai and ChatGPT

Download Skill