Can it help secure my CI/CD pipeline?

Yes, it includes specific verification steps for SLSA (Supply-chain Levels for Software Artifacts) compliance to help you secure build processes and provenance.

What kind of vulnerability reports does it generate?

It produces standardized reports including severity ratings, CVSS scores, affected components, proof-of-concept steps, and specific remediation guidance.

Does it support formal threat modeling?

The skill utilizes the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to help you analyze and mitigate architectural threats.

How does this skill help with OWASP compliance?

It provides a structured checklist covering all ten OWASP categories, from injection and broken access control to SSRF, ensuring your code meets modern web security standards.

Will it catch hardcoded secrets?

Yes, the skill specifically audits code for hardcoded credentials and provides patterns for moving them to secure environment variables or secret managers.

Security Reviewer

Name: Security Reviewer
Author: jpoley

byjpoley

•

安全与测试

Performs comprehensive security audits, threat modeling, and SLSA compliance checks to ensure production-grade software security.

The Security Reviewer skill transforms Claude into an expert security engineer capable of identifying vulnerabilities across the software development lifecycle. It provides structured frameworks for OWASP Top 10 verification, STRIDE threat modeling, and SLSA supply chain security levels. By applying systematic checklists for authentication, authorization, and data protection, it helps developers proactively detect flaws like injection, broken access control, and insecure configurations before code reaches production. It also includes templates for professional vulnerability reporting and secure coding patterns to remediate identified risks.

主要功能

01SLSA supply chain compliance verification across all four levels

02STRIDE-based threat modeling frameworks for architectural analysis

03Automated secure coding pattern suggestions for common vulnerabilities

04Standardized vulnerability reporting templates with CVSS scoring

055 GitHub stars

06OWASP Top 10 vulnerability identification and checklists

使用场景

01Verifying and documenting SLSA compliance for CI/CD pipelines

02Conducting deep-dive security audits on new features or pull requests

03Performing proactive threat modeling to identify architectural flaws early

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-reviewer

For use in Claude.ai and ChatGPT

Download Skill