Claude Code Plugins

Community-maintained marketplace

Feedback

senior-security

@rickydwilson-dcs/claude-skills
6
0

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name senior-security
title Senior Security Skill Package
description Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
domain engineering
subdomain security-engineering
difficulty advanced
time-saved TODO: Quantify time savings
frequency TODO: Estimate usage frequency
use-cases Conducting security audits and vulnerability assessments, Implementing authentication and authorization patterns, Setting up security monitoring and incident response, Reviewing code for OWASP Top 10 vulnerabilities
related-agents
related-skills
related-commands
orchestrated-by
dependencies [object Object]
compatibility [object Object]
tech-stack Python 3.8+, Markdown
examples [object Object]
stats [object Object]
version v1.0.0
author Claude Skills Team
contributors
created Sun Oct 19 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
updated Sun Nov 23 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
license MIT
tags architecture, automation, design, engineering, security, senior, testing
featured false
verified true

Senior Security

Complete toolkit for senior security engineers with comprehensive security architecture, penetration testing, and threat modeling frameworks.

Overview

The Senior Security skill provides enterprise-grade security engineering frameworks, penetration testing methodologies, and threat modeling tools for building secure applications and infrastructure. This skill covers application security, API security, cryptography implementation, secure architecture patterns, and security auditing used by leading security teams.

Designed for senior security engineers and application security specialists, this skill includes proven patterns for OWASP Top 10 mitigation, threat modeling (STRIDE, PASTA), penetration testing automation, and secure coding practices. All content focuses on defense-in-depth security with practical implementation guidance.

Core Value: Build security-first applications that prevent 98%+ of common vulnerabilities while enabling rapid development and maintaining compliance with industry standards.

Quick Start

Main Capabilities

This skill provides three core capabilities through automated scripts:

# Script 1: Threat Modeler
python scripts/threat_modeler.py [options]

# Script 2: Security Auditor
python scripts/security_auditor.py [options]

# Script 3: Pentest Automator
python scripts/pentest_automator.py [options]

Core Capabilities

1. Threat Modeler

Automated tool for threat modeler tasks.

Features:

  • Automated scaffolding
  • Best practices built-in
  • Configurable templates
  • Quality checks

Usage:

python scripts/threat_modeler.py <project-path> [options]

2. Security Auditor

Comprehensive analysis and optimization tool.

Features:

  • Deep analysis
  • Performance metrics
  • Recommendations
  • Automated fixes

Usage:

python scripts/security_auditor.py <target-path> [--verbose]

3. Pentest Automator

Advanced tooling for specialized tasks.

Features:

  • Expert-level automation
  • Custom configurations
  • Integration ready
  • Production-grade output

Usage:

python scripts/pentest_automator.py [arguments] [options]

Key Workflows

1. Conduct Threat Modeling

Time: 4-6 hours for comprehensive threat model

  1. Define System Scope - Identify boundaries, assets, and trust levels
  2. Create Architecture Diagram - Map data flows and components
  3. Run Threat Modeler - Execute threat_modeler.py to identify threats (STRIDE framework)
  4. Assess Risk - Evaluate likelihood and impact of each threat
  5. Define Mitigations - Design security controls for high-priority threats

Expected Output: Threat model with identified threats, risk scores, and mitigation strategies

2. Perform Security Audit

Time: 1-2 weeks

  1. Scope Security Audit - Define systems, applications, and infrastructure to audit
  2. Run Security Auditor - Execute security_auditor.py for automated checks
  3. Manual Review - Code review, configuration review, access control audit
  4. Document Findings - Create audit report with severity classifications
  5. Create Remediation Plan - Prioritize and schedule security improvements

Expected Output: Security audit report with findings, severity scores, and remediation roadmap

3. Execute Penetration Test

Time: 1-2 weeks

  1. Define Pentest Scope - Identify targets, testing boundaries, and rules of engagement
  2. Run Automated Scans - Execute pentest_automator.py for initial reconnaissance
  3. Manual Exploitation - Attempt to exploit identified vulnerabilities
  4. Document Exploits - Record successful attacks with proof-of-concept
  5. Provide Remediation Guidance - Recommend fixes for discovered vulnerabilities

Expected Output: Penetration test report with exploited vulnerabilities and remediation recommendations

Python Tools

threat_modeler.py

Performs systematic threat modeling using STRIDE framework with automated threat identification and mitigation recommendations.

Key Features:

  • STRIDE threat analysis (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
  • Data flow diagram parsing
  • Automated threat identification based on architecture patterns
  • Risk scoring (likelihood × impact)
  • Mitigation strategy recommendations
  • Threat library with common attack patterns
  • Export to security documentation formats

Common Usage:

# Analyze architecture diagram
python scripts/threat_modeler.py architecture.json --framework stride

# Generate threat report
python scripts/threat_modeler.py architecture.json --report detailed

# Focus on high-risk threats
python scripts/threat_modeler.py architecture.json --min-risk high

# Help
python scripts/threat_modeler.py --help

Use Cases:

  • Security design reviews for new features
  • Identifying security requirements before development
  • Risk assessment for system changes
  • Security training and threat awareness

security_auditor.py

Performs comprehensive security audits with OWASP coverage, secure coding analysis, and configuration review.

Key Features:

  • OWASP Top 10 compliance checking
  • Secure coding pattern analysis
  • Authentication and authorization review
  • Cryptography implementation audit
  • API security assessment
  • Configuration hardening checks
  • Access control verification
  • Audit trail and logging validation

Common Usage:

# Run security audit
python scripts/security_auditor.py /path/to/project

# Focus on specific areas
python scripts/security_auditor.py /path/to/project --checks auth,crypto,api

# Generate compliance report
python scripts/security_auditor.py /path/to/project --report compliance

# Help
python scripts/security_auditor.py --help

Use Cases:

  • Pre-production security validation
  • Compliance audits (SOC 2, ISO 27001)
  • Security baseline assessment for acquisitions
  • Periodic security health checks

pentest_automator.py

Automates penetration testing workflows with reconnaissance, vulnerability exploitation, and reporting capabilities.

Key Features:

  • Automated reconnaissance (port scanning, service enumeration)
  • Vulnerability exploitation (common CVEs, misconfigurations)
  • Web application testing (SQLi, XSS, CSRF, authentication bypass)
  • Network testing (man-in-the-middle, lateral movement)
  • API security testing
  • Report generation with proof-of-concept
  • Integration with Metasploit, Burp Suite, and other pentest tools

Common Usage:

# Run automated pentest
python scripts/pentest_automator.py --target https://example.com

# Focus on web application
python scripts/pentest_automator.py --target https://example.com --scope web

# Generate executive report
python scripts/pentest_automator.py --target https://example.com --report executive

# Help
python scripts/pentest_automator.py --help

Use Cases:

  • Annual penetration testing requirements
  • Pre-launch security validation
  • Red team exercises
  • Security posture assessment

Reference Documentation

Security Architecture Patterns

Comprehensive guide available in references/security_architecture_patterns.md:

  • Detailed patterns and practices
  • Code examples
  • Best practices
  • Anti-patterns to avoid
  • Real-world scenarios

Penetration Testing Guide

Complete workflow documentation in references/penetration_testing_guide.md:

  • Step-by-step processes
  • Optimization strategies
  • Tool integrations
  • Performance tuning
  • Troubleshooting guide

Cryptography Implementation

Technical reference guide in references/cryptography_implementation.md:

  • Technology stack details
  • Configuration examples
  • Integration patterns
  • Security considerations
  • Scalability guidelines

Tech Stack

Languages: TypeScript, JavaScript, Python, Go, Swift, Kotlin Frontend: React, Next.js, React Native, Flutter Backend: Node.js, Express, GraphQL, REST APIs Database: PostgreSQL, Prisma, NeonDB, Supabase DevOps: Docker, Kubernetes, Terraform, GitHub Actions, CircleCI Cloud: AWS, GCP, Azure

Development Workflow

1. Setup and Configuration

# Install dependencies
npm install
# or
pip install -r requirements.txt

# Configure environment
cp .env.example .env

2. Run Quality Checks

# Use the analyzer script
python scripts/security_auditor.py .

# Review recommendations
# Apply fixes

3. Implement Best Practices

Follow the patterns and practices documented in:

  • references/security_architecture_patterns.md
  • references/penetration_testing_guide.md
  • references/cryptography_implementation.md

Best Practices Summary

Code Quality

  • Follow established patterns
  • Write comprehensive tests
  • Document decisions
  • Review regularly

Performance

  • Measure before optimizing
  • Use appropriate caching
  • Optimize critical paths
  • Monitor in production

Security

  • Validate all inputs
  • Use parameterized queries
  • Implement proper authentication
  • Keep dependencies updated

Maintainability

  • Write clear code
  • Use consistent naming
  • Add helpful comments
  • Keep it simple

Common Commands

# Development
npm run dev
npm run build
npm run test
npm run lint

# Analysis
python scripts/security_auditor.py .
python scripts/pentest_automator.py --analyze

# Deployment
docker build -t app:latest .
docker-compose up -d
kubectl apply -f k8s/

Troubleshooting

Common Issues

Check the comprehensive troubleshooting section in references/cryptography_implementation.md.

Getting Help

  • Review reference documentation
  • Check script output messages
  • Consult tech stack documentation
  • Review error logs

Resources

  • Pattern Reference: references/security_architecture_patterns.md
  • Workflow Guide: references/penetration_testing_guide.md
  • Technical Guide: references/cryptography_implementation.md
  • Tool Scripts: scripts/ directory