What security frameworks does this skill support?

The skill references NIST CSF 2.0, CIS Controls v8, NIST SSDF, OWASP ASVS, OWASP Top 10, MITRE ATT&CK, SLSA, and OpenSSF Scorecard.

Can it audit blockchain and smart contracts?

Yes, it includes specific guidelines for protocol invariants, upgradeability, oracle threats, and ZK circuit soundness constraints.

Is this skill useful for threat modeling?

Absolutely. It uses the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to identify risks.

How are security findings presented?

Findings are structured in a standardized format including severity, category, location, impact, and actionable recommendations with framework references.

Does it help with supply chain security?

Yes, it assesses dependency integrity, build provenance, and CI/CD pipeline security using SLSA and OpenSSF standards.

Security Research & Audit

Name: Security Research & Audit
Author: ClementWalter

byClementWalter

•

安全与测试

Conducts comprehensive security reviews and threat modeling based on industry-standard frameworks like NIST and OWASP.

This skill empowers Claude to act as a senior security researcher, providing structured audits of codebases, architectural designs, and infrastructure configurations. By leveraging canonical control frameworks such as NIST CSF 2.0, CIS Controls v8, and the OWASP Top 10, it identifies vulnerabilities across identity management, cryptography, supply chain integrity, and smart contracts. It is particularly valuable during threat modeling sessions, pull request reviews, or when preparing for high-stakes production deployments to ensure systems are resilient against modern adversary techniques.

主要功能

01Specialized audits for blockchain protocols and ZK circuit soundness

02Standardized vulnerability reporting with severity and remediation steps

03Multi-framework compliance mapping including NIST, CIS, and OWASP ASVS

04STRIDE-based threat modeling for architecture and trust boundaries

052 GitHub stars

06Supply chain security analysis using SLSA and OpenSSF Scorecard

使用场景

01Auditing application code and PRs for OWASP Top 10 vulnerabilities

02Assessing CI/CD pipeline integrity and third-party dependency risks

03Performing threat modeling for new cloud infrastructure and system designs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add clementwalter/rookie-marketplace security-audit

For use in Claude.ai and ChatGPT

Download Skill