What kind of code vulnerabilities does it identify?

It flags patterns like user enumeration in login responses, insecure security questions, lack of rate limiting on verification endpoints, and MFA bypasses in recovery flows.

How does it help with help desk security?

It maps every human-mediated path where support staff can override automated security, auditing the verification procedures to ensure they are resistant to pretexting.

Does this skill perform automated penetration testing?

No, it focuses on a structured assessment of the human-factor attack surface, identifying weaknesses in processes, identity verification, and OSINT exposure.

Can it help with phishing defense?

Yes, it evaluates email authentication records (SPF, DKIM, DMARC) and lookalike domains to identify weaknesses that could be exploited in phishing campaigns.

Social Engineering Security Audit

Name: Social Engineering Security Audit
Author: plurigrid

byplurigrid

•

Security & Testing

Assess and mitigate human-factor security risks, OSINT exposure, and social engineering vulnerabilities within applications and organizations.

The Social Engineering Audit skill enables Claude to conduct structured evaluations of the human-centric attack surface where technology, process, and trust intersect. It provides comprehensive guidance for mapping human-mediated authentication paths, identifying OSINT leaks, and auditing help desk procedures for pretexting vulnerabilities. By analyzing code for patterns like user enumeration and reviewing account recovery flows, it helps security teams and developers harden their systems against non-technical attack vectors such as phishing, SIM swapping, and authority exploitation.

Key Features

01Maps human-mediated authentication bypasses and help desk override vectors.

02Evaluates phishing resistance, including SPF/DKIM/DMARC and lookalike domain checks.

03Analyzes OSINT exposure across public records, social media, and code repositories.

04Identifies insecure code patterns like user enumeration and weak recovery logic.

057 GitHub stars

06Provides severity-calibrated findings with concrete remediation strategies.

Use Cases

01Auditing sensitive account recovery and password reset mechanisms for bypasses.

02Assessing organizational exposure to targeted phishing and credential harvesting.

03Reviewing customer support and identity verification protocols for pretexting risks.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi social-engineering-audit

For use in Claude.ai and ChatGPT

Download Skill