Security Reviewer
Skill Verifiziert AktivIdentifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.
To provide users with a specialized capability for conducting thorough security audits and vulnerability assessments, ensuring applications and infrastructure are secure.
Funktionen
- Identifies security vulnerabilities
- Generates structured audit reports
- Provides actionable remediation guidance
- Supports SAST, dependency audits, and secrets scanning
- Rates severity using CVSS
Anwendungsfälle
- Use when conducting security audits
- Use when reviewing code for vulnerabilities
- Use when analyzing infrastructure security
- Use for penetration testing or DevSecOps automation
Nicht-Ziele
- Skipping manual review of findings
- Testing on production systems without authorization
- Causing service disruption or data loss
- Testing outside defined scope or rules of engagement
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add jeffallan/claude-skills/plugin install claude-skills@fullstack-dev-skillsQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Context Mode Ops
100Verwalten Sie GitHub-Issues, PRs, Releases und Marketing mit parallelen Subagenten-Armeen im Context-Mode. Orchestriert 10-20 dynamische Agenten pro Aufgabe. Verwenden Sie dies bei der Triage von Issues, der Überprüfung von PRs, der Veröffentlichung von Versionen, dem Schreiben von LinkedIn-Posts, der Ankündigung von Releases, der Behebung von Fehlern, dem Mergen von Beiträgen, der Validierung von ENV-Variablen, dem Testen von Adaptern oder dem Synchronisieren von Branches.
Security Pen Testing
99Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.