Can this skill help with PCI DSS or GDPR compliance?

Yes, it includes specific checks for sensitive data protection, encryption, and access control that are foundational for GDPR and PCI DSS compliance.

Can I audit my server configurations with this skill?

Yes, it includes templates and checks for Apache security headers, Node.js middleware like Helmet, and rate-limiting configurations.

How does it categorize the severity of found issues?

It uses the CVSS 3.1 scoring system, ranking vulnerabilities from Low (0.1-3.9) to Critical (9.0-10.0) based on their potential impact and exploitability.

Which security standards does the Security Review skill support?

The skill is primarily based on the OWASP Top 10 2021 standards and references the CVE vulnerability database for up-to-date threat detection.

Does it provide code examples for fixing vulnerabilities?

Yes, the skill provides side-by-side comparisons of 'Dangerous' vs. 'Secure' code to guide developers through the remediation process.

Security Review

Name: Security Review
Author: Protagonistss

byProtagonistss

安全与测试

Performs comprehensive security audits and vulnerability assessments based on OWASP standards to identify and mitigate code-level risks.

关于

The Security Review skill provides advanced security analysis capabilities for Claude, enabling the identification of common vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and broken access control. By leveraging the OWASP Top 10 2021 framework and CVE databases, it evaluates codebases for authentication weaknesses, sensitive data exposure, and insecure configurations. The skill goes beyond simple detection by providing prioritized remediation plans using CVSS 3.1 scoring, secure coding examples, and integration patterns for CI/CD pipelines, making it an essential tool for developers looking to build resilient and compliant applications.

主要功能

Automated detection of OWASP Top 10 vulnerabilities including Injection and XSS
Configuration auditing for web servers, Node.js environments, and CI/CD workflows
Detailed security report generation with prioritized remediation steps
Sensitive data handling analysis and encryption implementation checks
Comprehensive risk assessment using the CVSS 3.1 scoring system
0 GitHub stars

使用场景

Modernizing legacy code by replacing insecure patterns with protected coding standards
Performing a pre-release security audit to identify critical vulnerabilities in a new feature
Generating professional security reports for compliance checks or stakeholder reviews

关于

主要功能

Automated detection of OWASP Top 10 vulnerabilities including Injection and XSS
Configuration auditing for web servers, Node.js environments, and CI/CD workflows
Detailed security report generation with prioritized remediation steps
Sensitive data handling analysis and encryption implementation checks
Comprehensive risk assessment using the CVSS 3.1 scoring system
0 GitHub stars

使用场景

Modernizing legacy code by replacing insecure patterns with protected coding standards
Performing a pre-release security audit to identify critical vulnerabilities in a new feature
Generating professional security reports for compliance checks or stakeholder reviews