Can it scan external dependencies?

Yes, it uses integrated WebSearch and WebFetch tools to cross-reference your project's framework and library versions against the latest authoritative CVE databases and advisories.

Can it audit database access controls?

Yes, it analyzes database schemas and query patterns using MCP tools to ensure least-privilege access and identify potential tenancy isolation breaches or weak row filtering.

How does the Security Review skill identify vulnerabilities?

It uses a combination of static code analysis, threat modeling frameworks like STRIDE, and dynamic testing simulations to find authorization gaps, session flaws, and injection vulnerabilities.

What security standards does it follow?

The skill aligns its assessments with industry-standard benchmarks including the OWASP ASVS (Application Security Verification Standard) and the OWASP API Security Top 10.

Does it provide remediation steps?

Every finding includes a detailed impact analysis, a concrete exploit path, and specific code-level fix recommendations along with verification steps to ensure the patch works.

Security Review & Vulnerability Analysis

Name: Security Review & Vulnerability Analysis
Author: EdWrld

byEdWrld

0•

Security & Testing

Conducts deep adversarial security audits of API endpoints, UI flows, and database interactions to identify and fix vulnerabilities.

This skill empowers Claude to perform comprehensive, red-team style security assessments across your entire application stack. It systematically maps API endpoints to UI flows, performs threat modeling using frameworks like STRIDE and OWASP, and executes deep-dive audits into authorization gaps, injection surfaces, and session management. Whether you are conducting a routine permission audit or a complex vulnerability analysis, this skill provides actionable reports featuring prioritized findings, concrete exploit paths, and step-by-step remediation guidance to harden your codebase.

Key Features

010 GitHub stars

02Red-team style threat modeling using STRIDE and LINDDUN frameworks

03Real-time vulnerability intelligence via WebSearch for dependencies and CVEs

04Comprehensive API and UI flow mapping to identify trust boundaries

05Prioritized reporting with concrete exploit paths and fix recommendations

06Deep-dive auditing for IDOR, privilege escalation, and injection vulnerabilities

Use Cases

01Auditing a new feature's API endpoints for horizontal and vertical privilege escalation

02Investigating potential business logic flaws and rate-limiting gaps in critical workflows

03Performing a pre-release security scan of database-interacting code and input validation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add edwrld/config.files security-review

For use in Claude.ai and ChatGPT

Download Skill