Run penetration tests, scan codebases for OWASP Top 10 issues, audit cloud configurations, and triage CVEs — all with Claude as the orchestrator. These skills wrap industry-standard scanners (Semgrep, Trivy, Checkov) and bug-bounty workflows so a single prompt produces a structured findings report.
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA KEV (actively exploite
security
Run a full security-in-depth audit including OWASP Top 10, dependency analysis, and defense-in-depth review. Use for security audit, pentest review, or vulnerability assessment.
security
Comprehensive code security checking and server security audit skill. Suitable for: (1) code vulnerability scanning - detecting SQL injection, XSS, SSRF and other OWASP Top 10 vulnerabilities, (2) dependency security checks - identifying outdated or vulnerable third-party libraries (e.g. React2Shell CVE-2025-55182, Next.js CVE-2025-66478), (3) server configuration audit - checking SSH, firewall, permissions and other security configuration, (4) sensitive information leak detection - AP
security
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns. Use when performing security revi
security
Comprehensive security auditing framework for LLM applications covering OWASP Top 10 for LLMs, threat modeling, penetration testing, and compliance with NIST AI RMF and ISO 42001. Use when "security aud
security
Perform comprehensive security audits on Node.js, JavaScript, and TypeScript codebases. Scans source code for OWASP Top 10 vulnerabilities, insecure patterns, dependency risks, and generates a priorit
security
Systematic audit against the OWASP 2021 Top 10 web application security risks with severity-rated, file-level findings. Checks A01 Broken Access Control (IDOR, path traversal, CORS, privilege escalati
security
Perform a security audit based on OWASP. Use when the user wants to verify security, look for vulnerabilities, or before a production deployment.
security
Full-stack security posture assessment with 0-100 risk scoring. Scans dependency vulnerabilities (npm audit, pip-audit, cargo audit, govulncheck), dangerous code patterns (SQL injection, eval, command
security
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), a
security
Use this skill WHENEVER the user wants to perform penetration testing, auditing, automated analysis or vulnerability exploitation against a web portal, web application, REST API, servi
security
Use this skill when conducting authorized penetration tests, vulnerability assessments, or security audits within proper engagement scope. Triggers on pentest methodology, vulnerability scanning, OWAS
engineering
Comprehensive security audits identifying vulnerabilities, misconfigurations, and best-practice violations across applications, APIs, infrastructure, and data pipelines. Use for OWASP Top 10 reviews,
security
OWASP Top 10 security audit. Use to review code for vulnerabilities, validate authentication/authorization, analyze input sanitization, detect SQL injection, XSS, CSRF and other v
security
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more. Use when reviewing security, before deploy, asking "is thi
security
Unified ATV security audit. Scans agentic config (.github/, .vscode/) using AgentShield's 33-rule taxonomy AND application source code for OWASP Top 10 + STRIDE threats. Triggers on 'security scan', '
security
Attack your own system — under explicit authorization — to prove its defenses hold, before launch and continuously after: scope and authorize, recon, scan and enumerate, exploit and confirm real vulne
security
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categor
security
Composite skill — full security pass across secrets, dependencies, code paths, and OWASP risks. Chains security-audit (broad) + socket-audit (npm supply chain) + semgrep (pattern scan) + code-security
security
A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Python script, no plugin
security
Adversarial smart contract security audit. Auto-selects 5-7 specialist agents based on contract features (from a roster of 12). Attacks from every relevant angle: SWC registry, signatures, reentrancy,
security
Audit code against OWASP Top 10 vulnerabilities with structured findings. Use when reviewing code for security issues or conducting security audits.
security
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps,
security
Fetches dependency vulnerabilities from Vanta, Snyk, Dependabot, or GitHub Security Advisories, creates a tracking issue in Jira/Linear/GitHub Issues, then fixes, commits, pushes, and opens PRs for ea
security
Pre-production security audit and vulnerability scanning. Run Snyk + Aikido dependency scans, OWASP analysis, and set up automated GitHub security checks with Jules. Use when asked to 'run security ch
security
Comprehensive code security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security s
security
Scan code for security issues: dependency vulnerabilities (npm/pip audit), secret leaks (regex and entropy analysis), and OWASP anti-patterns like SQL injection, XSS, or command injection. Use when th
security
Remediate dependency vulnerability scanner failures by verifying live package registry data and upgrading instead of suppressing. Use when an SCA / CVE tool fails or files an alert: npm audit, pnpm au
security
Audit CVE/vulnerability source coverage for a technology stack. Maps each component (container, library, base image, runtime) to authoritative CVE feeds, flags gaps, and produces audit-ready reports.
security
Read-only exposure audit of the user's machine and projects for a CVE, breach, malicious package, or other security advisory, then write a structured report to a local audit folder. Use when the user
security
SKILL.md files, not affiliated with, endorsed by, or sponsored by Anthropic.