How are vulnerabilities prioritized?

The skill uses a CVSS-aligned severity classification (Critical, High, Medium, Low, Info) to help teams prioritize their remediation efforts based on risk and impact.

Where are the security reports saved?

Reports are automatically saved to the 'audit-reports/' directory for assessments and 'planning-docs/' for design requirements, using timestamped subdirectories for organization.

Does this skill fix security bugs automatically?

No, this skill acts as a senior consultant. It identifies vulnerabilities and provides detailed remediation guidance but does not modify your implementation code to ensure human oversight of security changes.

Which security frameworks does it support?

It uses the OWASP Top 10 for vulnerability analysis, the STRIDE methodology for threat modeling, and can assess compliance against GDPR, HIPAA, PCI-DSS, and SOC2 frameworks.

Can I use it for new features before they are built?

Yes, the /plan-security command activates Design Mode, which focuses on identifying security controls, authentication needs, and potential threats during the planning phase.

Nehemiah Security Consultant

Name: Nehemiah Security Consultant
Author: christopheraaronhogg

bychristopheraaronhogg

0•

安全与测试

Performs expert security audits, vulnerability assessments, and threat modeling to provide prioritized remediation recommendations for software projects.

The Nehemiah Security skill transforms Claude into a senior security consultant capable of conducting deep-dive technical audits and security design reviews. It systematically analyzes applications for OWASP Top 10 vulnerabilities, maps attack surfaces, and performs STRIDE-based threat modeling without altering the codebase. By generating executive-ready reports and detailed remediation roadmaps, it helps development teams identify critical risks, evaluate compliance posture for standards like SOC2 or GDPR, and integrate security-by-design principles into the early planning phases of development.

主要功能

01Security design mode for planning requirements of new features

02Systematic OWASP Top 10 vulnerability analysis and reporting

03STRIDE-based threat modeling and attack surface mapping

04Compliance posture assessment for GDPR, HIPAA, SOC2, and PCI-DSS

050 GitHub stars

06Professional executive-ready security reports with prioritized findings

使用场景

01Assessing a legacy codebase for compliance with regulatory data protection standards

02Conducting a comprehensive security audit before a major production release

03Planning security requirements and threat models for new features during the design phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add christopheraaronhogg/codehogg nehemiah-security

For use in Claude.ai and ChatGPT

Download Skill