mn-youssef/security-skills — explained in plain English
Analysis updated 2026-05-18
Run a guided security review of your own web app, from mapping exposed attack surface to writing a final report.
Get a static code audit that flags common vulnerability patterns like injection or broken access control.
Safely test your staging environment for issues like account takeover, SSRF, or leaked secrets.
Combine several small findings into one critical, chained attack path with a dedicated skill.
| mn-youssef/security-skills | 855princekumar/sense-hive | a6216abcd/free-residential-ip-proxy-controller | |
|---|---|---|---|
| Stars | 32 | 32 | 32 |
| Language | — | HTML | JavaScript |
| Setup difficulty | easy | easy | hard |
| Complexity | 2/5 | 2/5 | 4/5 |
| Audience | developer | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Written authorization for the target system is required before running any active testing skill.
This repository is a collection of 16 security-testing skills packaged as a plugin for AI coding tools like Claude Code. Each skill is a markdown file that gives an AI assistant structured instructions for a specific stage of security work, from initial reconnaissance all the way through writing a final report. The goal is to bring a methodical approach to finding and fixing security problems in your own applications. The skills follow a defined lifecycle: discover what is exposed, map the risks, read the source code for vulnerabilities, run active tests against a staging environment, fix what you find, and document everything with severity scores. An entry-point skill called security-testing acts as the starting point. It confirms that you have authorization to test the target and then routes you to whichever phase is relevant. You can also call individual skills directly if you already know what phase you are in. The specialist skills cover a wide range of vulnerability categories. There are skills for checking whether one user can access another user's data (a common and serious flaw), for testing login and session handling, for finding SQL injection and similar input-based attacks, for reviewing API endpoints, for catching secrets like API keys accidentally left in code or version history, and for combining multiple smaller findings into a single high-impact attack path. A final pair of skills covers applying fixes and writing structured reports with CVSS severity scores. Installing the plugin takes one command using the npx skills CLI, or a couple of slash commands inside Claude Code. The skills themselves are plain markdown files, so you can also copy individual ones manually into whatever path your tool expects. The README is explicit that these skills are for testing systems you own or have written permission to test. The active testing skill in particular is scoped to staging environments and avoids destructive techniques.
A set of 16 AI-assistant skills that guide you through finding and fixing security vulnerabilities in your own applications, from recon through reporting.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.