What security standards does this skill follow?

The skill is primarily aligned with the OWASP Top 10 for web vulnerabilities and the SLSA (Supply-chain Levels for Software Artifacts) framework for supply chain security.

Can it help with architectural threat modeling?

Yes, it uses the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to analyze system architecture.

How does it assist with SLSA compliance?

It provides a step-by-step checklist for SLSA Levels 1-4, helping you verify build process documentation, provenance generation, and hermetic build environments.

Does it support vulnerability reporting?

Yes, it includes a standardized template for generating professional reports that include severity levels, CVSS scores, impact analysis, and remediation steps.

Security Reviewer

Name: Security Reviewer
Author: jpoley

byjpoley

•

安全与测试

Conducts comprehensive security audits and threat modeling to ensure applications meet OWASP standards and SLSA compliance.

The Security Reviewer skill transforms Claude into an expert application security engineer capable of performing deep-dive code assessments, architectural threat modeling, and compliance verification. It provides a structured framework for identifying vulnerabilities like those in the OWASP Top 10, ensuring cryptographic integrity, and validating supply chain security via SLSA levels. Whether you are reviewing authentication logic, analyzing dependencies for known vulnerabilities, or generating professional vulnerability reports, this skill provides the checklists and patterns needed to ensure your software development lifecycle remains resilient against modern threats.

主要功能

015 GitHub stars

02Automated generation of detailed vulnerability reports with CVSS scoring

03SLSA compliance auditing for levels 1 through 4

04Secure coding pattern enforcement for secrets management and input validation

05OWASP Top 10 vulnerability scanning and checklist verification

06STRIDE-based threat modeling for architectural security analysis

使用场景

01Implementing and verifying SLSA compliance within CI/CD pipelines

02Performing a security audit on a new codebase before production deployment

03Identifying and remediating hardcoded secrets or insecure authentication logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-reviewer

For use in Claude.ai and ChatGPT

Download Skill