How does this skill reduce false positives in security reports?

The skill follows a 'research before reporting' mandate, tracing data flows to ensure inputs are truly attacker-controlled and checking for framework-level mitigations before flagging an issue.

Does it support specific web frameworks?

Yes, it includes specialized guides for popular frameworks like Django, React, Vue, and Express to recognize built-in security features like auto-escaping and parameterized queries.

How are severity levels determined?

Findings are categorized from Low to Critical based on exploitability and impact, ranging from simple defense-in-depth suggestions to unauthenticated remote code execution.

Can it review infrastructure-as-code and configuration files?

Yes, the skill provides specific security guidance for Dockerfiles, Kubernetes manifests, Terraform scripts, and CI/CD pipeline configurations.

What types of vulnerabilities can it identify?

It identifies major OWASP Top 10 issues, including SQL/NoSQL injection, Cross-Site Scripting (XSS), CSRF, insecure deserialization, and hardcoded secrets.

Security Reviewer

Name: Security Reviewer
Author: monmacllcapp

bymonmacllcapp

0•

安全与测试

Conducts systematic, high-confidence security audits to identify exploitable vulnerabilities like injection, XSS, and authentication flaws.

The Security Review skill empowers Claude to perform professional-grade security audits by identifying exploitable vulnerabilities within codebases. It follows a rigorous research-first methodology based on OWASP standards, distinguishing between theoretical risks and high-confidence exploits by tracing data flow and verifying attacker-controlled inputs. This skill is essential for developers looking to secure their applications against common attack vectors while minimizing false positives through framework-aware analysis and infrastructure-specific guidance across various languages and cloud environments.

主要功能

01Infrastructure security auditing for Docker, K8s, and Terraform

02Systematic data flow tracing to distinguish attacker-controlled input

03OWASP-aligned reviews covering injection, XSS, and broken access control

04High-confidence vulnerability reporting to minimize false positives

05Framework-aware analysis for Django, React, Vue, and Express

060 GitHub stars

使用场景

01Verifying framework-specific security mitigations in modern web applications

02Performing a final security audit before merging sensitive pull requests

03Scanning legacy codebases for hidden injection vulnerabilities or hardcoded secrets

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks security-review

For use in Claude.ai and ChatGPT

Download Skill