software-engineering-eng-security
Community
Find and fix AppSec risks before production
System Documentation
What problem does it solve?
It helps teams identify and remediate application security weaknesses early, reducing the chance of exploitable vulnerabilities, data leaks, and costly late fixes.
Core Features & Use Cases
- Code security review (OWASP-aligned): Audits code for OWASP Top 10 risks and prioritizes P0 issues with evidence (e.g., CWE), attack vectors, and concrete fix guidance.
- Threat modeling (STRIDE + DFD): Produces a structured STRIDE analysis with a data-flow diagram, threat register, mitigations, and testable security acceptance criteria.
- Secure configuration checks: Reviews security headers, CORS/CSP, auth/session/cookie hardening, and secrets management practices to prevent common misconfigurations.
Use cases include reviewing a PR for injection/authz issues, modeling threats for a new feature, hardening API headers and cookie settings, and auditing secrets/dependency exposure ahead of release.
Quick Start
Ask the skill to "Review this feature design for security using threat modeling with STRIDE and produce mitigations and acceptance criteria."
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install it automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: software-engineering-eng-security
Download link: https://github.com/rodrigo-altissimo/qiartificial/archive/main.zip#software-engineering-eng-security
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.