How is the security posture calculated?

The skill uses a logic-based formula: 'AT RISK' if there are any critical or high vulnerabilities, 'CONDITIONAL' for medium/low issues, and 'SECURE' only when zero vulnerabilities are found.

What file formats does the report generation support?

The primary output is structured Markdown, which can be easily converted to HTML or PDF formats for formal presentations and distribution.

Can this skill help with executive reporting?

Yes, it specifically includes templates for Executive Summaries that translate technical scan data into business impact and prioritized action items for non-technical stakeholders.

Does it provide remediation advice?

Every detailed finding generated by the skill includes specific remediation steps, impact analysis, and an estimated effort level to guide development teams.

What frameworks does the Security Reporter skill support?

The skill provides built-in support for the OWASP Top 10 (2021) framework, CWE mappings, and MITRE ATT&CK for comprehensive vulnerability classification.

Security Audit & Reporting

Name: Security Audit & Reporting
Author: jpoley

byjpoley

•

安全与测试

Generates comprehensive security audit reports, risk assessments, and OWASP Top 10 compliance mappings from vulnerability scan data.

The Security Reporter skill transforms Claude into an expert security analyst capable of synthesizing complex scan results into actionable intelligence. It automates the calculation of overall security posture using CVSS standards, maps vulnerabilities to the OWASP Top 10 framework, and generates structured audit reports that bridge the gap between technical findings and executive decision-making. Whether you are prioritizing a remediation backlog or preparing for a compliance review, this skill provides the templates and analytical rigor needed to manage your application's security lifecycle effectively.

主要功能

01Data aggregation from multiple security tools and triage results

02Executive-ready summaries and prioritized remediation roadmaps

03Automated security posture calculation based on critical/high vulnerability density

04Comprehensive OWASP Top 10 (2021) compliance checklists and mapping

058 GitHub stars

06Standardized CVSS-based severity definitions and risk analysis templates

使用场景

01Aggregating and triaging findings from automated SAST/DAST scanning tools

02Generating professional security audit reports for stakeholders and compliance reviews

03Creating prioritized remediation plans for development teams based on business impact

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-reporter

For use in Claude.ai and ChatGPT

Download Skill