senior-security

Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools.

Install with Tessl CLI

npx tessl i github:alirezarezvani/claude-skills --skill senior-security

What are skills?

Review — 76%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Evaluation — 95%

Agent success when using this skill

Validation — 10 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

85%

-1%

Payment Microservice Threat Model

STRIDE/DREAD threat modeling

Criteria

Without context

With context

DFD elements present

100%

Trust boundary shown

100%

STRIDE applied to Process

50%

30%

STRIDE per element matrix

87%

100%

DREAD scores present

100%

DREAD formula correct

Threats table structure

100%

Mitigations mapped

100%

Residual risks documented

100%

Recommendations section

100%

threat_modeler.py used

100%

JSON summary produced

100%

Payment-specific threats

100%

Without context: $0.7411 · 3m 43s · 15 turns · 57 in / 14,106 out tokens

With context: $0.9335 · 3m 48s · 21 turns · 21 in / 14,399 out tokens

100%

Security Audit: Fix Cryptographic Vulnerabilities in Python Module

Cryptography algorithm selection and implementation

Criteria

Without context

With context

ECB mode replaced

100%

Fixed IV eliminated

100%

Authenticated encryption used

100%

MD5 password hashing replaced

100%

Fixed salt eliminated

100%

Secure token generation

100%

Hardcoded secret removed

100%

HMAC-SHA256 for signing

100%

Constant-time comparison

100%

MD5 checksum replaced

100%

Findings report produced

100%

Without context: $0.4955 · 2m 35s · 15 turns · 15 in / 9,405 out tokens

With context: $0.7290 · 2m 57s · 20 turns · 140 in / 10,211 out tokens

100%

Security Architecture Document: Multi-Tenant SaaS Platform

Security architecture design

Criteria

Without context

With context

OAuth 2.0 + PKCE for web

100%

OIDC for identity federation

100%

mTLS for service-to-service

100%

JWT short expiration

100%

All 5 defense-in-depth layers

80%

100%

Zero Trust: verify explicitly

100%

Zero Trust: least privilege / JIT

100%

Zero Trust: assume breach

100%

AES-256-GCM for data at rest

75%

100%

TLS 1.3 for transit

75%

100%

Security headers listed

100%

HSTS specified

100%

Architecture decisions JSON

100%

Rate limiting at perimeter

100%

Without context: $0.4610 · 3m 51s · 10 turns · 10 in / 11,018 out tokens

With context: $0.6281 · 4m 6s · 15 turns · 15 in / 11,875 out tokens

Evaluated: about 1 hour ago
Agent: Claude Code

Table of Contents

Payment Microservice Threat Model Security Audit: Fix Cryptographic Vulnerabilities in Python Module Security Architecture Document: Multi-Tenant SaaS Platform

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.