When the user needs a security assessment — threat modeling, vulnerability review, auth flow audit, dependency scanning, or says "is this secure", "review for vulnerabilities", "threat model", "security audit", "pen test prep".
Score: 83
Does it follow best practices? 80%
Impact: 86%
1.30x average score across 3 eval scenarios
Risky: do not use without reviewing
Security report format and STRIDE threat modeling
Executive Summary section: 75% / 100%
STRIDE threat model table: 0% / 100%
Findings by severity: 100% / 100%
SEC-N finding identifiers: 0% / 100%
CVSS scores on findings: 50% / 90%
File:line locations: 100% / 100%
Remediation code examples: 100% / 100%
Business impact in findings: 100% / 100%
Auth Flow Assessment section: 0% / 100%
Dependency Vulnerabilities section: 25% / 50%
Remediation Roadmap section: 33% / 100%
Automated scanning tools and five-phase workflow
semgrep in audit script: 70% / 50%
bandit in audit script: 100% / 100%
pip-audit in audit script: 100% / 100%
trivy image in audit script: 100% / 100%
Scanning before manual review: 40% / 30%
Secrets detection step: 100% / 100%
CVSS v3.1 scores assigned: 80% / 0%
False positive validation noted: 0% / 0%
Remediation roadmap with timelines: 100% / 100%
Business impact classification: 100% / 70%
Auth flow checklist and remediation priorities
bcrypt cost flag: 100% / 100%
JWT access token lifetime: 90% / 100%
Refresh token rotation: 100% / 100%
Refresh token lifetime: 25% / 100%
Rate limiting on auth endpoints: 50% / 100%
Session invalidation on password change: 100% / 100%
OAuth state parameter: 25% / 100%
MFA for admin accounts: 100% / 100%
Single-use time-limited reset tokens: 100% / 100%
Remediation priority timelines: 40% / 100%
Auth/authz bypass priority: 40% / 100%
4ad31b4