Is it integrated with other security tools?

It uses local tools like Grep and Bash to scan your project files and can interpret results from tools like npm audit or Snyk to provide contextual fixes.

How does this skill help with security audits?

It systematically analyzes your code against the OWASP Top 10 and uses the STRIDE methodology to identify architectural risks and technical vulnerabilities.

Can this skill assist with regulatory compliance?

Yes, it provides guidance for major frameworks including GDPR, HIPAA, PCI-DSS, and SOC 2, helping you align your development with legal standards.

What technical vulnerabilities can it detect?

It specializes in identifying SQL injection, XSS, CSRF, insecure authentication, broken access controls, and sensitive data exposure.

Does it support threat modeling?

Absolutely. It uses the STRIDE framework to analyze assets and threats, providing clear risk levels and mitigation strategies for each identified issue.

Security & Compliance Reviewer

Name: Security & Compliance Reviewer
Author: anton-abyzov

byanton-abyzov

•

安全与测试

Performs deep security audits, threat modeling, and compliance checks to harden applications against vulnerabilities and data breaches.

This skill transforms Claude into a senior Security Engineer capable of conducting comprehensive application security assessments. It leverages industry-standard methodologies like STRIDE for threat modeling and evaluates code against the OWASP Top 10, covering everything from SQL injection and XSS to authentication flaws and insecure design. Beyond technical vulnerabilities, it assists with regulatory compliance (GDPR, HIPAA, SOC 2) and provides structured, domain-specific guidance on encryption, secrets management, and secure architecture patterns, ensuring your software is production-ready and resilient against modern threats.

主要功能

01STRIDE Threat Modeling: Conducts systematic architectural reviews to uncover spoofing, tampering, and information disclosure risks.

0223 GitHub stars

03Secrets Management: Audits and recommends best practices for API keys, token rotation, and sensitive data handling.

04Compliance Auditing: Evaluates software against GDPR, HIPAA, PCI-DSS, and SOC 2 requirements.

05OWASP Top 10 Analysis: Identifies and provides remediation for the most critical web application security risks.

06Secure Code Review: Scans for vulnerabilities like SQL injection, XSS, CSRF, and broken access controls.

使用场景

01Conducting a pre-production security audit to find and fix vulnerabilities before deployment.

02Reviewing authentication and authorization logic to ensure secure session management and MFA implementation.

03Generating a STRIDE-based threat model for a new feature or architectural change.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add anton-abyzov/specweave security

For use in Claude.ai and ChatGPT

Download Skill