Senior Security Engineering Toolkit (senior-security)

Risk rating: Low Risk. Declared capabilities: External commands, Filesystem access

Also available from: davila7

This skill provides comprehensive security engineering capabilities for application security, threat modeling, and compliance auditing. It helps security professionals design secure architectures, implement proper cryptography, and automate security assessments across multiple technology stacks.

Supports: Claude Code (CC), Codex
Quality tier: 🥈 Silver (77)

Install:

  1. Download the skill ZIP
  2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
  3. Toggle on and start using

Test it

Prompt: Using "senior-security". Analyze my React application for security vulnerabilities

Expected outcome:

  Security Audit Results:
  • Critical: Potential XSS in user input rendering (Component.js:45)
  • High: Missing authentication on API endpoints (routes.js:12)
  • Medium: Insecure CORS configuration allowing all origins
  Recommendations:
  1. Escape or sanitize user input at render time; never pass untrusted HTML to dangerouslySetInnerHTML
  2. Implement JWT-based authentication for API routes
  3. Restrict CORS to specific allowed origins

Prompt: Using "senior-security". Design authentication for my mobile banking app

Expected outcome:

  Authentication Architecture:
  1. OAuth 2.0 authorization code flow with PKCE for mobile clients
  2. JWT access tokens (15 min expiry) with refresh tokens (7 days, rotated on each use)
  3. Secure token storage using iOS Keychain and Android Keystore
  4. Biometric authentication (Face ID, Touch ID) for app unlock
  5. Certificate pinning for API communications

Prompt: Using "senior-security". Create a threat model for my payment processing service

Expected outcome:

  Threat Model Summary:
  Assets: Payment card data, customer PII, transaction records
  Threat Actors: External attackers, malicious insiders
  Attack Vectors: API injection, man-in-the-middle, credential theft
  Security Controls: TLS 1.3, tokenization, MFA, SIEM logging

Security Audit

Rating: Low Risk (audit v3, 1/16/2026)

After manual evaluation, all 115 static findings are FALSE POSITIVES. The static scanner detected markdown code block syntax (```) as shell backticks, security terminology in educational documentation as exploits, and standard Python file I/O for report generation. The skill contains skeleton scripts and reference documentation for defensive security practices only. No malicious code, actual exploits, or harmful functionality exists.

Files scanned: 9
Lines analyzed: 2,131
Findings: 2
Total audits: 3
Audited by: claude

Quality Score

Architecture: 68
Maintainability: 100
Content: 87
Community: 30
Security: 90
Spec Compliance: 91

What You Can Build

Application Security Assessment

Conduct comprehensive security audits of web applications, APIs, and mobile apps to identify and remediate vulnerabilities.

Threat Modeling for Projects

Create automated threat models for new software projects by identifying assets, threats, and security controls.

Secure Architecture Design

Design secure system architectures following zero-trust principles, defense in depth, and least privilege patterns.

Try These Prompts

Security Audit
Use the security auditor to analyze the codebase at [path]. Run the analysis and provide a detailed report of critical and high-severity security findings with remediation recommendations.
Create Threat Model
Create a threat model for [project name]. Identify assets, threat actors, attack vectors, and recommend appropriate security controls following STRIDE methodology.
Design Security Architecture
Design a secure architecture for [system description] following the security architecture patterns reference. Include authentication, authorization, input validation, and audit logging.
Implement Cryptography
Implement secure encryption for [data type] using industry-standard algorithms. Use AES-256-GCM for symmetric encryption and RSA-2048 or higher for asymmetric encryption with proper key management.

Best Practices

  • Validate all user input and encode output for its context to prevent injection attacks such as SQL injection and XSS
  • Use parameterized queries or ORM frameworks for all database operations
  • Store passwords using a slow, salted password hash such as bcrypt or Argon2id; both generate a unique per-password salt, so never supply a fixed one
  • Use HTTPS/TLS for all network communications and certificate pinning in mobile apps, with a pin-rotation plan so a certificate renewal does not lock users out
  • Follow the principle of least privilege for user permissions and service account access

Avoid

  • Hardcoding credentials, API keys, or secrets directly in source code
  • Using weak or deprecated cryptographic algorithms like MD5, SHA1, or DES
  • Trusting user input without validation or sanitization
  • Implementing custom cryptography instead of using established libraries

Frequently Asked Questions

How do I run a security audit on my codebase?
Run 'python scripts/security_auditor.py <target-path> --verbose' to analyze the target directory. The script performs analysis and generates a report with security findings.
What permissions are needed for penetration testing?
You must have explicit written authorization before conducting any penetration tests. Use this skill only on systems you own or have proper legal scope to test.
Which cryptographic algorithms should I use?
Use AES-256-GCM for symmetric encryption, RSA-2048 or higher (with OAEP padding) for asymmetric encryption, SHA-256 for hashing, and bcrypt or Argon2id for password storage.
How do I create a threat model?
Run 'python scripts/threat_modeler.py <project-path>' to generate a threat model. The tool identifies assets, threats, and recommends security controls.
What programming languages are supported?
This skill supports TypeScript, JavaScript, Python, Go, Swift, and Kotlin. It covers frameworks like React, Node.js, Express, and databases like PostgreSQL.
How often should security audits be performed?
Run automated audits on every code commit or pull request. Conduct comprehensive manual audits quarterly and after major feature additions.