# Run Security Readiness Checks

Software teams need repeatable checks before code reaches users. This skill gives Claude, Codex, and Claude Code a concise security workflow for keys, dependencies, OWASP risks, and release readiness.

## Install

```bash
npx skillstore add byronwilliamscpa/security
```

## Metadata

- Slug: byronwilliamscpa-security
- Version: 1.0.0
- Author: ByronWilliamsCPA
- GitHub username: ByronWilliamsCPA
- License: MIT
- Repository: https://github.com/ByronWilliamsCPA/fragrance-rater/tree/main/.claude/skills/security
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: low
- Risk factors: external_commands
- Quality score: 78
- Quality tier: bronze
- Public page: https://skillstore.pages.dev/skills/byronwilliamscpa-security
- Manifest: https://skillstore.pages.dev/api/skills/byronwilliamscpa-security/manifest

## Capabilities

- Guides GPG secret key and SSH agent validation.
- Lists git signing key checks for development environments.
- Provides commands for Bandit, pip-audit, Safety, and Semgrep scans.
- Defines pre-commit and pre-release security checklist items.
- Summarizes OWASP Top 10 review areas for application code.
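The GPG secret key, SSH agent and git signing checks listed above, written out as an added shell example (this is not the skill's own code). Each check is a function that reads the relevant tool's output, so it can be exercised on sample text without the tools installed; `SAMPLE_GPG` and `SAMPLE_SSH` are constructed here, not captured from a real machine, and the function names and verdict words are assumptions.

```sh
#!/bin/sh
# Added example (not the skill's own code): the GPG secret key, SSH agent and git
# signing checks, split into functions that read the tools' output so each check
# can be exercised on sample text. SAMPLE_GPG and SAMPLE_SSH are constructed, not
# captured from a real machine; the verdict words are arbitrary.

# Constructed `gpg --list-secret-keys --keyid-format long` output: one usable ed25519
# key and one "sec#" stub whose primary key is kept offline and cannot sign here.
SAMPLE_GPG='sec   ed25519/1A2B3C4D5E6F7A8B 2024-03-01 [SC]
      FFFFFFFFFFFFFFFFFFFFFFFF1A2B3C4D5E6F7A8B
uid                 [ultimate] Example Dev <dev@example.com>
ssb   cv25519/0011223344556677 2024-03-01 [E]
sec#  rsa4096/AABBCCDDEEFF0011 2020-01-01 [C]
      000000000000000000000000AABBCCDDEEFF0011
uid                 [ultimate] Offline Primary <offline@example.com>'

# Constructed `ssh-add -l` output with a single loaded identity.
SAMPLE_SSH='256 SHA256:HZ4U3pDfQn2kS7g7q4U1GQY8hPAtGx7y2aZbQ2TqLjs dev@example.com (ED25519)'

# gpg_secret_key_present KEY  (gpg listing on stdin)
#   KEY may be a short ID, long ID or full fingerprint, optionally "0x"-prefixed or
#   "!"-suffixed as git accepts it; only its last 16 hex digits (the long ID) are
#   compared. "sec#" stub lines are ignored; "sec>" (key on a smartcard) is accepted.
gpg_secret_key_present() {
  key=${1#0x}; key=${key%!}
  suffix=$(printf '%s' "$key" | tr 'a-f' 'A-F' | sed 's/.*\(.\{16\}\)$/\1/')
  grep -Eq "^sec>?[[:space:]]+[a-z0-9]+/[0-9A-F]*${suffix}[[:space:]]"
}

# ssh_agent_key_count  (ssh-add -l output on stdin)
#   Prints the number of loaded identities. "The agent has no identities." and
#   "Could not open a connection to your authentication agent." both count as 0.
ssh_agent_key_count() {
  grep -Ec '^[0-9]+ (SHA256|MD5):' || true
}

# git_signing_verdict GPGSIGN SIGNINGKEY FORMAT LISTING
#   Pure check over the three git settings plus a gpg listing, so it runs without git
#   or gpg installed. Prints one word and returns 1 unless that word is "ok":
#     off      commit.gpgsign is not true
#     nokey    signing is on but user.signingkey is empty
#     missing  gpg.format is openpgp and the key is not in the secret keyring
#     ok       everything lines up (ssh/x509 formats are not verified further here)
git_signing_verdict() {
  gpgsign=$1; signingkey=$2; format=${3:-openpgp}; listing=$4
  if [ "$gpgsign" != true ]; then echo off; return 1; fi
  if [ -z "$signingkey" ]; then echo nokey; return 1; fi
  if [ "$format" = openpgp ] && ! printf '%s\n' "$listing" | gpg_secret_key_present "$signingkey"; then
    echo missing; return 1
  fi
  echo ok
}

# Live run against the real tools; each step degrades to an empty string when the
# tool or setting is absent so the verdict, not a crash, reports the problem.
main() {
  listing=$(gpg --list-secret-keys --keyid-format long 2>/dev/null || true)
  echo "ssh agent identities: $(ssh-add -l 2>/dev/null | ssh_agent_key_count)"
  echo "git signing: $(git_signing_verdict \
    "$(git config --get commit.gpgsign 2>/dev/null || true)" \
    "$(git config --get user.signingkey 2>/dev/null || true)" \
    "$(git config --get gpg.format 2>/dev/null || true)" "$listing")"
}

if [ "${RUN_CHECKS:-0}" = 1 ]; then main; fi
```

Run it with `RUN_CHECKS=1 sh check-env.sh` to query the real tools. The `sec#` handling is the caveat worth keeping: `gpg --list-secret-keys` still lists a key whose primary is offline, so a check that only greps for `sec` reports success on a machine that cannot sign.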

## Use Cases

- Pre-Commit Security Check: Run a quick checklist for secrets, dependency risk, and Python security findings before committing code.
- Release Readiness Review: Confirm known vulnerabilities are addressed and document advisory needs before publishing a release.
- OWASP Risk Walkthrough: Use the OWASP Top 10 prompts to review input validation, access control, data exposure, and logging.

## Prompt Templates

### Check My Environment

```
Use the security skill to help me validate my GPG key, SSH key, and git signing configuration. Explain each check before I run it.
```

### Run a Basic Scan Plan

```
Use the security skill to create a safe scan plan for this repository. Include dependency checks, Bandit, and Semgrep, but do not run commands until I approve them.
```
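A scan plan that is shown before it runs and executed only after explicit approval, as an added shell example that is not part of the skill. It covers the Bandit, pip-audit, Safety and Semgrep commands the capabilities list names; the scanner flags are the tools' documented ones, while the `SRC`, `REQ` and `REPORT_DIR` defaults and the pass/skip/FAIL words are assumptions made here.

```sh
#!/bin/sh
# Added example, not part of the skill: a scan plan that is printed first and run
# only when APPROVED=1, matching the "do not run commands until I approve them"
# prompt. Scanner flags are the tools' documented ones; SRC, REQ, REPORT_DIR and
# the pass/skip/FAIL words are assumptions made here.

SRC=${SRC:-src}
REQ=${REQ:-requirements.txt}
REPORT_DIR=${REPORT_DIR:-security-reports}

# scan_plan: one "<name>|<command>" line per scanner. Printing this first lets the
# reviewer confirm scope (which tree, which requirements file) before anything runs.
#   bandit     -ll reports medium severity and above; JSON report kept for triage
#   pip-audit  -S fails the audit if any dependency cannot be resolved
#   safety     `check` is the classic CLI; newer releases steer towards `safety scan`
#   semgrep    --error exits non-zero on findings; --config auto fetches rules online
scan_plan() {
  printf '%s\n' \
    "bandit|bandit -r $SRC -ll -f json -o $REPORT_DIR/bandit.json" \
    "pip-audit|pip-audit -S -r $REQ" \
    "safety|safety check -r $REQ --full-report" \
    "semgrep|semgrep scan --config auto --error --json -o $REPORT_DIR/semgrep.json $SRC"
}

# run_plan: without APPROVED=1 it only prints the plan and returns 0 without touching
# the tree. With approval it runs each scanner whose binary is installed; a missing
# tool is reported as "skip", never "pass", so an uninstalled scanner cannot make the
# tree look clean. Returns 1 if any scanner that ran reported findings or failed.
run_plan() {
  if [ "${APPROVED:-0}" != 1 ]; then
    echo "Plan (set APPROVED=1 to run):"
    scan_plan | sed 's/^/  /'
    return 0
  fi
  mkdir -p "$REPORT_DIR"
  plan=$(scan_plan)
  failed=0
  # Read the plan from a here-document rather than a pipe so "failed" survives the loop.
  while IFS='|' read -r name cmd; do
    tool=${cmd%% *}
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "skip  $name (not installed)"
      continue
    fi
    rc=0
    sh -c "$cmd" || rc=$?
    if [ "$rc" -eq 0 ]; then
      echo "pass  $name"
    else
      echo "FAIL  $name (exit $rc)"
      failed=1
    fi
  done <<EOF
$plan
EOF
  return "$failed"
}

if [ "${RUN_SCANS:-0}" = 1 ]; then run_plan; fi
```

`RUN_SCANS=1 sh scan-plan.sh` prints the plan; `RUN_SCANS=1 APPROVED=1 sh scan-plan.sh` runs it and exits non-zero on any finding, which is what a pre-release gate should key on. A "skip" line in the output is a reason to install the tool, not a clean result.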

### Review Release Security

```
Use the security skill to review release readiness. Check unresolved vulnerabilities, dependency status, security advisory needs, and secure configuration risks.
```

### Map Findings to OWASP

```
Use the security skill to map these scan findings to OWASP Top 10 categories. Prioritize exploitable issues, explain impact, and suggest remediation steps.
```

## Limitations

- Does not include executable workflow files beyond the main SKILL.md guidance.
- Does not automatically run scanners or validate scan results.
- Assumes the required security tools are installed in the project environment.
- Provides general OWASP guidance; it is not legal or compliance advice and does not substitute for a penetration test or a security certification.

## Best Practices

- Review every command before execution and confirm it matches your repository layout.
- Run dependency and static analysis scans before releases and after major dependency changes.
- Treat secrets, signing keys, and scan reports as sensitive project information.

## Anti Patterns

- Running scanner commands blindly without checking their scope or configuration.
- Treating a clean scan as proof that the application is secure.
- Ignoring dependency updates after a known vulnerability is reported.

## Security Audit

- Safe to publish: true
- Audited at: 2026-06-28T18:14:47.119+00:00
- Summary: Static analysis flagged a command block and two weak-cryptography patterns. The command block is documented guidance for local security tools, while the weak-cryptography matches are false positives in descriptive security text.

## Stats

- Views: 203
- Downloads: 5
- Favorites: 0
- Popularity score: 0
