Can it help with supply chain security?

Absolutely, it provides specific guidance and checklists for achieving SLSA compliance levels 1 through 4, covering build provenance and source integrity.

Does this skill check for OWASP vulnerabilities?

Yes, it includes a comprehensive checklist for the OWASP Top 10 including injection, broken access control, and SSRF.

How does it handle threat modeling?

It utilizes the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to identify and mitigate architectural threats.

What kind of security reports does it generate?

It generates standardized vulnerability reports that include severity levels, CVSS scores, descriptions of affected components, and actionable remediation steps.

Security Reviewer

Name: Security Reviewer
Author: jpoley

byjpoley

•

Security & Testing

Conducts comprehensive security audits, threat modeling, and compliance verification to harden software against vulnerabilities.

About

The Security Reviewer skill equips Claude with the expertise of a senior security engineer to perform deep-dive code reviews, conduct STRIDE-based threat modeling, and ensure SLSA supply chain compliance. It provides structured guidance through OWASP Top 10 checklists, validates security headers, and implements secure coding patterns to prevent common exploits like injection and broken access control. Whether you are performing a pre-deployment audit or documenting security requirements, this skill ensures your development lifecycle adheres to industry-leading security standards and best practices.

Key Features

OWASP Top 10 vulnerability assessment and checklists
SLSA supply chain compliance level verification
Automated secure coding pattern implementation
8 GitHub stars
STRIDE framework for architectural threat modeling
Standardized vulnerability report generation with CVSS scores

Use Cases

Verifying SLSA compliance for CI/CD pipeline security
Performing automated security audits on pull requests
Conducting architectural threat modeling during the design phase

About

Key Features

OWASP Top 10 vulnerability assessment and checklists
SLSA supply chain compliance level verification
Automated secure coding pattern implementation
8 GitHub stars
STRIDE framework for architectural threat modeling
Standardized vulnerability report generation with CVSS scores

Use Cases

Verifying SLSA compliance for CI/CD pipeline security
Performing automated security audits on pull requests
Conducting architectural threat modeling during the design phase