Does it provide code examples for fixes?

Yes, the templates include specific sections for technical remediation that encourage providing both 'vulnerable' and 'secure' code snippets.

Does this skill perform the actual security scan?

This skill provides the framework and templates for reporting findings; it works best when paired with an auditor agent or manual verification to populate the data.

How is finding severity determined?

It uses a built-in decision tree based on exploitability, remote access requirements, and potential data impact to categorize findings from Critical down to Info.

Can I export the security reports to other tools?

Yes, the skill generates both structured Markdown for documentation and JSON for integration with other security tools, CI/CD pipelines, or databases.

What standards are supported by the audit-report skill?

It primarily uses the OWASP Application Security Verification Standard (ASVS) and Common Weakness Enumeration (CWE) for categorization and mapping.

Security Audit Reporting

Name: Security Audit Reporting
Author: Zate

byZate

安全与测试

Generates standardized, professional security audit reports with automated severity classification and ASVS mapping.

关于

The Security Audit Reporting skill provides a comprehensive framework for documenting security findings within the Claude Code environment. By offering standardized templates for executive summaries, detailed finding reports, and remediation guidance, it ensures that security audits are consistent, actionable, and aligned with industry standards like OWASP ASVS and CWE. It includes built-in severity decision trees and structured JSON output for integration with other tools, making it an essential resource for developers and security professionals performing thorough code reviews or system assessments.

主要功能

Standardized markdown templates for comprehensive security audit reports
0 GitHub stars
Automated severity classification using a logic-based decision tree
Structured finding formats with impact analysis and remediation code blocks
Mapping to OWASP Application Security Verification Standard (ASVS) and CWE
Dual output capability in both human-readable Markdown and machine-readable JSON

使用场景

Standardizing how remediation tasks are communicated to development teams
Generating professional audit reports for stakeholders after a repository audit
Documenting vulnerabilities discovered during a security review of a web application

关于

主要功能

Standardized markdown templates for comprehensive security audit reports
0 GitHub stars
Automated severity classification using a logic-based decision tree
Structured finding formats with impact analysis and remediation code blocks
Mapping to OWASP Application Security Verification Standard (ASVS) and CWE
Dual output capability in both human-readable Markdown and machine-readable JSON

使用场景

Standardizing how remediation tasks are communicated to development teams
Generating professional audit reports for stakeholders after a repository audit
Documenting vulnerabilities discovered during a security review of a web application