Does it provide code examples for fixes?

Yes, the templates include specific sections for technical remediation that encourage providing both 'vulnerable' and 'secure' code snippets.

Does this skill perform the actual security scan?

This skill provides the framework and templates for reporting findings; it works best when paired with an auditor agent or manual verification to populate the data.

How is finding severity determined?

It uses a built-in decision tree based on exploitability, remote access requirements, and potential data impact to categorize findings from Critical down to Info.

Can I export the security reports to other tools?

Yes, the skill generates both structured Markdown for documentation and JSON for integration with other security tools, CI/CD pipelines, or databases.

What standards are supported by the audit-report skill?

It primarily uses the OWASP Application Security Verification Standard (ASVS) and Common Weakness Enumeration (CWE) for categorization and mapping.

Security Audit Reporting

Name: Security Audit Reporting
Author: Zate

byZate

0•

Security & Testing

Generates standardized, professional security audit reports with automated severity classification and ASVS mapping.

The Security Audit Reporting skill provides a comprehensive framework for documenting security findings within the Claude Code environment. By offering standardized templates for executive summaries, detailed finding reports, and remediation guidance, it ensures that security audits are consistent, actionable, and aligned with industry standards like OWASP ASVS and CWE. It includes built-in severity decision trees and structured JSON output for integration with other tools, making it an essential resource for developers and security professionals performing thorough code reviews or system assessments.

Key Features

01Standardized markdown templates for comprehensive security audit reports

020 GitHub stars

03Automated severity classification using a logic-based decision tree

04Structured finding formats with impact analysis and remediation code blocks

05Mapping to OWASP Application Security Verification Standard (ASVS) and CWE

06Dual output capability in both human-readable Markdown and machine-readable JSON

Use Cases

01Standardizing how remediation tasks are communicated to development teams

02Generating professional audit reports for stakeholders after a repository audit

03Documenting vulnerabilities discovered during a security review of a web application

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zate/cc-plugins audit-report

For use in Claude.ai and ChatGPT

Download Skill