What security framework does this skill use?

The skill primarily uses the STRIDE threat modeling framework to identify Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How does it map my application's attack surface?

It enumerates API endpoints, authentication mechanisms, and data channels by reading your Rawgentic project configuration and scanning service definitions.

Is it safe to let an AI handle security remediations?

The skill includes an 'ambiguity circuit breaker' that stops the process and asks for user confirmation if findings are unclear or if a fix could have unintended side effects.

Can I use it to audit specific vulnerabilities like CVEs?

Yes, you can invoke the skill in 'reactive' mode by providing a CVE ID, which triggers an impact assessment and a corresponding remediation PR.

Does it support automated fixes?

Yes, in audit+fix mode, the workflow handles everything from finding the vulnerability to generating remediation PRs and verifying post-deployment security.

Rawgentic Security Audit & Remediation

Name: Rawgentic Security Audit & Remediation
Author: 3D-Stories

by3D-Stories

•

安全与测试

Conducts comprehensive 14-step security audits and automated remediations using STRIDE threat modeling and attack surface mapping.

The Rawgentic Security Audit skill implements a rigorous WF9 workflow designed to secure your entire codebase or specific components. By leveraging the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), it systematically analyzes endpoints, data channels, and authentication mechanisms. This skill doesn't just find vulnerabilities; it provides detailed reporting, severity-based prioritization, and can even automate the generation of remediation pull requests and deployment verification, ensuring a closed-loop security process directly within your AI-assisted development environment.

主要功能

01Ambiguity circuit breakers that pause for user input when findings are uncertain.

02Systematic STRIDE threat modeling for comprehensive risk identification.

032 GitHub stars

04Integrated remediation workflow that generates PRs and verifies security fixes.

05Automated attack surface enumeration of API endpoints and data channels.

06Flexible audit modes including full codebase, targeted components, or reactive CVE assessments.

使用场景

01Auditing newly developed API endpoints to ensure authentication and validation patterns are correctly applied.

02Running a comprehensive security sweep across a project before a production release.

03Quickly assessing and patching a specific CVE impact within your dependencies.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add 3d-stories/rawgentic security-audit

For use in Claude.ai and ChatGPT

主要功能

01Ambiguity circuit breakers that pause for user input when findings are uncertain.

02Systematic STRIDE threat modeling for comprehensive risk identification.

032 GitHub stars

04Integrated remediation workflow that generates PRs and verifies security fixes.

05Automated attack surface enumeration of API endpoints and data channels.

06Flexible audit modes including full codebase, targeted components, or reactive CVE assessments.

使用场景

01Auditing newly developed API endpoints to ensure authentication and validation patterns are correctly applied.

02Running a comprehensive security sweep across a project before a production release.

03Quickly assessing and patching a specific CVE impact within your dependencies.