git404hub

what is security-skills fr?

mn-youssef/security-skills — explained in plain English

Analysis updated 2026-05-18

32Audience · developerComplexity · 2/5Setup · easy

tl;dr

A set of 16 AI-assistant skills that guide you through finding and fixing security vulnerabilities in your own applications, from recon through reporting.

vibe map

mindmap
  root((Security Skills))
    Lifecycle
      Recon
      Plan
      Find
      Exploit
      Fix
      Report
    Core Skills
      security-testing orchestrator
      recon-and-osint
      threat-modeling
      security-code-audit
      active-pentest
    Deep Dive Specialists
      access-control-testing
      authentication-testing
      injection-testing
      api-security-testing
    Install Options
      Skills CLI
      Claude Code Plugin
      Manual Copy

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run a guided security review of your own web app, from mapping exposed attack surface to writing a final report.

VIBE 2

Get a static code audit that flags common vulnerability patterns like injection or broken access control.

VIBE 3

Safely test your staging environment for issues like account takeover, SSRF, or leaked secrets.

VIBE 4

Combine several small findings into one critical, chained attack path with a dedicated skill.

what's the stack?

Claude CodeMarkdownSkills CLI

how it stacks up fr

mn-youssef/security-skills855princekumar/sense-hivea6216abcd/free-residential-ip-proxy-controller
Stars323232
LanguageHTMLJavaScript
Setup difficultyeasyeasyhard
Complexity2/52/54/5
Audiencedeveloperops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Written authorization for the target system is required before running any active testing skill.

in plain english

This repository is a collection of 16 security-testing skills packaged as a plugin for AI coding tools like Claude Code. Each skill is a markdown file that gives an AI assistant structured instructions for a specific stage of security work, from initial reconnaissance all the way through writing a final report. The goal is to bring a methodical approach to finding and fixing security problems in your own applications. The skills follow a defined lifecycle: discover what is exposed, map the risks, read the source code for vulnerabilities, run active tests against a staging environment, fix what you find, and document everything with severity scores. An entry-point skill called security-testing acts as the starting point. It confirms that you have authorization to test the target and then routes you to whichever phase is relevant. You can also call individual skills directly if you already know what phase you are in. The specialist skills cover a wide range of vulnerability categories. There are skills for checking whether one user can access another user's data (a common and serious flaw), for testing login and session handling, for finding SQL injection and similar input-based attacks, for reviewing API endpoints, for catching secrets like API keys accidentally left in code or version history, and for combining multiple smaller findings into a single high-impact attack path. A final pair of skills covers applying fixes and writing structured reports with CVSS severity scores. Installing the plugin takes one command using the npx skills CLI, or a couple of slash commands inside Claude Code. The skills themselves are plain markdown files, so you can also copy individual ones manually into whatever path your tool expects. The README is explicit that these skills are for testing systems you own or have written permission to test. The active testing skill in particular is scoped to staging environments and avoids destructive techniques.

prompts (copy fr)

prompt 1
Use the security-testing skill to start a full authorized security review of my staging app, beginning with recon.
prompt 2
Run security-code-audit on this codebase and list any injection or authentication vulnerabilities you find.
prompt 3
I have written authorization to test my own app. Use active-pentest to safely validate potential access-control issues.
prompt 4
Use secrets-management-audit to check this repo and its git history for any exposed API keys or tokens.
prompt 5
After running the recon and audit skills, use vulnerability-chaining to see if any findings combine into a bigger attack path.

Frequently asked questions

what is security-skills fr?

A set of 16 AI-assistant skills that guide you through finding and fixing security vulnerabilities in your own applications, from recon through reporting.

How hard is security-skills to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is security-skills for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.