whatisgithub

What is security-skills?

mn-youssef/security-skills — explained in plain English

Analysis updated 2026-05-18

32Audience · developerComplexity · 2/5Setup · easy

In one sentence

A set of 16 AI-assistant skills that guide you through finding and fixing security vulnerabilities in your own applications, from recon through reporting.

Mindmap

mindmap
  root((Security Skills))
    Lifecycle
      Recon
      Plan
      Find
      Exploit
      Fix
      Report
    Core Skills
      security-testing orchestrator
      recon-and-osint
      threat-modeling
      security-code-audit
      active-pentest
    Deep Dive Specialists
      access-control-testing
      authentication-testing
      injection-testing
      api-security-testing
    Install Options
      Skills CLI
      Claude Code Plugin
      Manual Copy

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run a guided security review of your own web app, from mapping exposed attack surface to writing a final report.

USE CASE 2

Get a static code audit that flags common vulnerability patterns like injection or broken access control.

USE CASE 3

Safely test your staging environment for issues like account takeover, SSRF, or leaked secrets.

USE CASE 4

Combine several small findings into one critical, chained attack path with a dedicated skill.

What is it built with?

Claude CodeMarkdownSkills CLI

How does it compare?

mn-youssef/security-skills855princekumar/sense-hivea6216abcd/free-residential-ip-proxy-controller
Stars323232
LanguageHTMLJavaScript
Setup difficultyeasyeasyhard
Complexity2/52/54/5
Audiencedeveloperops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Written authorization for the target system is required before running any active testing skill.

So what is it?

This repository is a collection of 16 security-testing skills packaged as a plugin for AI coding tools like Claude Code. Each skill is a markdown file that gives an AI assistant structured instructions for a specific stage of security work, from initial reconnaissance all the way through writing a final report. The goal is to bring a methodical approach to finding and fixing security problems in your own applications. The skills follow a defined lifecycle: discover what is exposed, map the risks, read the source code for vulnerabilities, run active tests against a staging environment, fix what you find, and document everything with severity scores. An entry-point skill called security-testing acts as the starting point. It confirms that you have authorization to test the target and then routes you to whichever phase is relevant. You can also call individual skills directly if you already know what phase you are in. The specialist skills cover a wide range of vulnerability categories. There are skills for checking whether one user can access another user's data (a common and serious flaw), for testing login and session handling, for finding SQL injection and similar input-based attacks, for reviewing API endpoints, for catching secrets like API keys accidentally left in code or version history, and for combining multiple smaller findings into a single high-impact attack path. A final pair of skills covers applying fixes and writing structured reports with CVSS severity scores. Installing the plugin takes one command using the npx skills CLI, or a couple of slash commands inside Claude Code. The skills themselves are plain markdown files, so you can also copy individual ones manually into whatever path your tool expects. The README is explicit that these skills are for testing systems you own or have written permission to test. The active testing skill in particular is scoped to staging environments and avoids destructive techniques.

Copy-paste prompts

Prompt 1
Use the security-testing skill to start a full authorized security review of my staging app, beginning with recon.
Prompt 2
Run security-code-audit on this codebase and list any injection or authentication vulnerabilities you find.
Prompt 3
I have written authorization to test my own app. Use active-pentest to safely validate potential access-control issues.
Prompt 4
Use secrets-management-audit to check this repo and its git history for any exposed API keys or tokens.
Prompt 5
After running the recon and audit skills, use vulnerability-chaining to see if any findings combine into a bigger attack path.

Frequently asked questions

What is security-skills?

A set of 16 AI-assistant skills that guide you through finding and fixing security vulnerabilities in your own applications, from recon through reporting.

How hard is security-skills to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is security-skills for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.