Can it help secure my CI/CD pipeline?

Yes, it includes specific verification steps for SLSA (Supply-chain Levels for Software Artifacts) compliance to help you secure build processes and provenance.

What kind of vulnerability reports does it generate?

It produces standardized reports including severity ratings, CVSS scores, affected components, proof-of-concept steps, and specific remediation guidance.

Does it support formal threat modeling?

The skill utilizes the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to help you analyze and mitigate architectural threats.

How does this skill help with OWASP compliance?

It provides a structured checklist covering all ten OWASP categories, from injection and broken access control to SSRF, ensuring your code meets modern web security standards.

Will it catch hardcoded secrets?

Yes, the skill specifically audits code for hardcoded credentials and provides patterns for moving them to secure environment variables or secret managers.

Security Reviewer

Name: Security Reviewer
Author: jpoley

byjpoley

•

安全与测试

Performs comprehensive security audits, threat modeling, and SLSA compliance checks to ensure production-grade software security.

关于

The Security Reviewer skill transforms Claude into an expert security engineer capable of identifying vulnerabilities across the software development lifecycle. It provides structured frameworks for OWASP Top 10 verification, STRIDE threat modeling, and SLSA supply chain security levels. By applying systematic checklists for authentication, authorization, and data protection, it helps developers proactively detect flaws like injection, broken access control, and insecure configurations before code reaches production. It also includes templates for professional vulnerability reporting and secure coding patterns to remediate identified risks.

主要功能

SLSA supply chain compliance verification across all four levels
STRIDE-based threat modeling frameworks for architectural analysis
Automated secure coding pattern suggestions for common vulnerabilities
Standardized vulnerability reporting templates with CVSS scoring
5 GitHub stars
OWASP Top 10 vulnerability identification and checklists

使用场景

Verifying and documenting SLSA compliance for CI/CD pipelines
Conducting deep-dive security audits on new features or pull requests
Performing proactive threat modeling to identify architectural flaws early

关于

主要功能

SLSA supply chain compliance verification across all four levels
STRIDE-based threat modeling frameworks for architectural analysis
Automated secure coding pattern suggestions for common vulnerabilities
Standardized vulnerability reporting templates with CVSS scoring
5 GitHub stars
OWASP Top 10 vulnerability identification and checklists

使用场景

Verifying and documenting SLSA compliance for CI/CD pipelines
Conducting deep-dive security audits on new features or pull requests
Performing proactive threat modeling to identify architectural flaws early