Security Assessment Suite
Comprehensive security testing toolkit for web applications. Covers vulnerability scanning, access control testing, and SSH security assessment.
Install
Run this command to install all skills in this plugin:
npx skillstore add @security-assessment-suite Skills will be installed to .claude/skills/ directory
Overview
Usage Guide
Enhanced by AIDetailed Guide
## Overview Security Assessment Suite is a comprehensive security testing toolkit for web applications. It combines three specialized skills to cover the full spectrum of web security assessment — from code-level security review, to access control vulnerability testing, to SSH infrastructure penetration testing. ## Quick Start 1. Install the plugin: `npx skillstore add @security-assessment-suite` 2. Start with **security-review** to audit your authentication, user input handling, secrets management, and API endpoints 3. Run **IDOR Vulnerability Testing** to detect insecure direct object references and broken access control 4. Use **ssh-penetration-testing** to assess your SSH infrastructure security ## Key Skills - **security-review** — Provides a comprehensive security checklist for authentication flows, user input handling, secrets/key management, API endpoint hardening, and payment or sensitive feature implementation. Use this whenever you are adding auth, handling user input, working with secrets, or creating API endpoints. - **IDOR Vulnerability Testing** — Detects and exploits Insecure Direct Object Reference (IDOR) vulnerabilities. Covers enumeration of user IDs and object references, authorization bypass techniques, and broken access control testing. Use when you need to test for IDOR vulnerabilities or verify that access control is properly enforced across user boundaries. - **ssh-penetration-testing** — Comprehensive SSH security assessment for authorized penetration testing. Includes SSH service enumeration, credential testing, vulnerability scanning, and tunneling techniques. Use for infrastructure-level security audits of SSH services. ## Tips - Run **security-review** first on new features before deployment — it catches common security anti-patterns early - Combine **IDOR Vulnerability Testing** with **security-review** for thorough access control validation - Use **ssh-penetration-testing** only in authorized testing environments — always get written permission before testing - Pair this plugin with monitoring/logging tools for a complete security posture assessment
Skills
3security-review
Safe 71Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
IDOR Vulnerability Testing
Low Risk 66This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
ssh-penetration-testing
Low Risk 66Comprehensive SSH security assessment skill for authorized penetration testing, including enumeration, credential testing, vulnerability scanning, and tunneling techniques.
Similar Plugins
OpenClaw Security Monitor
Automated security scanning, vulnerability analysis, and code security review for authorized assets
3 skills
Application Security Toolkit
Scan code, dependencies, and running targets with a unified AppSec workflow
3 skills
Threat Modeling Workbench
Build structured security reviews from threat discovery to mitigation planning. This plugin helps teams map attack paths, extract concrete security requirements, and turn risks into prioritized controls.
3 skills