Does it support Zero Trust architecture?

Yes, the skill is built on key principles including Zero Trust, Least Privilege, Defense in Depth, and Security by Design.

What kind of vulnerability reports does the skill generate?

It generates reports that classify findings by severity—Critical, High, Medium, and Low—providing clear impact descriptions and recommended response timelines.

Which tools does the skill use to analyze code?

The skill utilizes Read, Write, Grep, Glob, Bash, and WebSearch to thoroughly scan the codebase for insecure patterns and cross-reference with security databases.

How does this skill use OWASP guidelines?

It performs a systematic check against the OWASP Top 10 list, including Injection, Broken Access Control, and SSRF, ensuring the codebase meets industry-standard security benchmarks.

Can it help with authentication design?

Yes, it provides specific recommendations for JWT, session management, and authorization models like RBAC and ABAC to ensure secure user access.

Security Review & Vulnerability Analysis

Name: Security Review & Vulnerability Analysis
Author: aimskr

byaimskr

0•

安全与测试

Performs systematic security audits and vulnerability assessments based on OWASP guidelines to ensure robust application architecture.

The Security Review skill provides a structured framework for auditing codebases, designing secure authentication systems, and identifying potential vulnerabilities before deployment. By following a multi-phase process—ranging from attack surface mapping to rigorous OWASP Top 10 verification—it helps developers implement Zero Trust principles and Defense in Depth strategies. It automates the identification of critical risks such as injection and broken access control while providing prioritized remediation reports and long-term security design recommendations to harden your application against modern threats.

主要功能

010 GitHub stars

02Systematic OWASP Top 10 (2021) vulnerability verification and checklist

03Secure design recommendations for JWT, session management, and RBAC/ABAC models

04Sensitive data flow tracing to prevent cryptographic failures and data leaks

05Comprehensive attack surface mapping for inputs, file uploads, and API endpoints

06Prioritized vulnerability reporting with severity classification (Critical to Low)

使用场景

01Pre-deployment security checklist verification for production-ready codebases

02Designing and auditing complex authentication and authorization workflows

03Identifying and remediating sensitive data handling flaws in legacy systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add aimskr/aims-claude-toolkit security-review

For use in Claude.ai and ChatGPT

Download Skill