Run penetration tests, scan codebases for OWASP Top 10 issues, audit cloud configurations, and triage CVEs — all with Claude as the orchestrator. These skills wrap industry-standard scanners (Semgrep, Trivy, Checkov) and bug-bounty workflows so a single prompt produces a structured findings report.
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA KEV (actively exploite
security
Run a full security-in-depth audit including OWASP Top 10, dependency analysis, and defense-in-depth review. Use for security audit, pentest review, or vulnerability assessment.
security
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scanning, plus OWASP Top 10
security
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns. Use when performing security revi
security
Systematic audit against the OWASP 2021 Top 10 web application security risks with severity-rated, file-level findings. Checks A01 Broken Access Control (IDOR, path traversal, CORS, privilege escalati
security
Perform a security audit based on OWASP. Use when the user wants to verify security, look for vulnerabilities, or before a production deployment.
security
Full-stack security posture assessment with 0-100 risk scoring. Scans dependency vulnerabilities (npm audit, pip-audit, cargo audit, govulncheck), dangerous code patterns (SQL injection, eval, command
security
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), a
security
Use this skill when conducting authorized penetration tests, vulnerability assessments, or security audits within proper engagement scope. Triggers on pentest methodology, vulnerability scanning, OWAS
engineering
OWASP Top 10 security audit. Use to review code for vulnerabilities, validate authentication/authorization, analyze input sanitization, detect SQL injection, XSS, CSRF and other v
security
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more. Use when reviewing security, before deploy, asking "is thi
security
Fetches dependency vulnerabilities from Vanta, Snyk, Dependabot, or GitHub Security Advisories, creates a tracking issue in Jira/Linear/GitHub Issues, then fixes, commits, pushes, and opens PRs for ea
security
Pre-production security audit and vulnerability scanning. Run Snyk + Aikido dependency scans, OWASP analysis, and set up automated GitHub security checks with Jules. Use when asked to 'run security ch
security
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues across web applicatio
security
Analyze project dependencies for health, security, and bloat — audit outdated, deprecated, vulnerable, duplicate, heavy, and unused packages across npm, pip, cargo, go mod, and more. Produce a depende
security
Python dependency and environment management for multi-service or monorepo python backends. Use when: (1) adding, upgrading, or removing a Python package, (2) responding to Dependabot or security vuln
security
Perform OWASP Top 10 static security audit identifying vulnerabilities in access control, cryptography, injection, configuration, and logging. Activate when user mentions "security audit", "OWASP", "s
security
Audit frontend codebases for security vulnerabilities and bad practices. Use when performing security reviews, auditing code for XSS/CSRF/DOM vulnerabilities, checking Content Security Policy configur
security
Audit Go module dependencies: detect outdated packages, check for known vulnerabilities, review go.mod hygiene, identify unused or redundant deps, and evaluate dependency quality. Use when auditing de
security
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
security
Audit mobile apps against OWASP Mobile Top 10 (M1-M10): credential hardcoding, supply chain dependencies, insecure auth/token storage (Keychain/Keystore), input validation (deep links, WebView XSS), c
security
Generates comprehensive vulnerability reports from npm audit JSON output and the OSV (Open Source Vulnerabilities) API. Parses npm audit --json results, enriches each CVE with CVSS scores from the NVD
tools
Open-source vulnerability analysis skill. When the user enters an open-source package name and the version in use, it queries CVE vulnerabilities from three data sources, NVD (NIST), OSV.dev (Google), and GitHub Advisory, and generates a security report together with the latest version information. Output is available in Markdown, Excel/CSV, and JSON formats. package.json, req
security
OWASP API Security Top 10 testing patterns, injection payloads, auth bypass vectors, and security test generation for REST APIs. Use when writing security tests, reviewing API endpoints for vulnerabil
security
Use when performing security audits, vulnerability assessments, or compliance checks on Flutter or mobile applications. Covers OWASP Mobile Top 10 (2024) — hardcoded secrets (M1), insecure storage (M9
security
Perform security testing on web applications, APIs, and codebases. Use when the user asks to "run a security scan", "check for vulnerabilities", "audit dependencies", "check security headers", "find s
engineering
OWASP ZAP/Burp Suite/Nuclei integration, penetration test planning, DAST execution, and vulnerability scanning. For dynamic security testing, pentesting, or runtime vulnerability validation. Complemen
security
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framewor
security
Unified repo security scanner for scientific Python projects — one call orchestrates `bandit` (Python AST security linter), `shellcheck` (shell-script linter), `pip-audit` (Python dependency CVE scann
security
Security audit methodology and checklist for codebases. Use when performing security reviews, auditing a project for vulnerabilities, or hardening an application before deployment. Covers secret scann
security