What kind of vulnerabilities can it identify?

It is designed to identify a wide range of issues including XSS, CSRF, SQL injection, insecure dependencies, hardcoded secrets, and cloud misconfigurations.

How does the multi-agent workflow function?

The skill launches five specialized agents—Security Sentinel, Threat Modeling Expert, Backend Security Coder, Comprehensive Review, and Codex 5.3—in parallel to analyze the target from different security perspectives.

Does it support modern security standards?

Yes, it specifically assesses compliance against the OWASP Top 10:2025 standards and uses modern scoring frameworks like EPSS and the CISA KEV catalog.

Can I use this for web application testing?

Absolutely. It includes built-in tools to check HTTP headers for missing security controls like CSP, X-Frame-Options, and HSTS before performing deeper code analysis.

What is the Evidence-Only Policy in this skill?

The Evidence-Only Policy is a strict protocol that requires every security finding to be backed by specific evidence, such as source code line numbers, HTTP headers, or official documentation, to prevent hallucinations.

Security Vulnerability Analyzer

Name: Security Vulnerability Analyzer
Author: swannysec

byswannysec

0•

安全与测试

Orchestrates multi-agent parallel security audits to validate, analyze, and remediate complex vulnerabilities with evidence-based findings.

The Security Vulnerability Analyzer is a high-precision security skill for Claude Code designed to handle professional vulnerability reports, bug bounty submissions, and security disclosures. It operates under a strict 'Evidence-Only' policy, ensuring that every finding is linked to specific source code lines, HTTP headers, or configuration values. By launching five specialized sub-agents in parallel—including experts in threat modeling and backend security—it provides a comprehensive 360-degree view of security risks. Users benefit from sophisticated risk scoring that integrates CVSS, EPSS, and CISA KEV data, resulting in a prioritized remediation roadmap that bridges the gap between identification and resolution.

主要功能

01Multi-agent parallel orchestration for deep-dive security analysis

02Strict Evidence-Only policy requiring code-level citations for every claim

03Advanced risk scoring integrating CVSS, EPSS, and CISA KEV catalogs

04Automated vulnerability validation via HTTP header and security control checks

05Comprehensive remediation roadmaps with prioritized fixes and effort estimates

060 GitHub stars

使用场景

01Validating and remediating bug bounty submissions or security disclosure reports

02Conducting automated security audits against OWASP Top 10:2025 standards

03Analyzing and fixing specific CVEs within application source code

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add swannysec/robot-tools security-vuln-analyzer

For use in Claude.ai and ChatGPT

Download Skill