Summary
This is a structured security auditing skill that walks Claude through threat modeling, vulnerability scanning, and remediation planning for both code and AI prompts. It enforces hard rules like not dismissing findings without proof and not exposing discovered secrets, then runs through a checklist covering OWASP risks, prompt injection, and business logic flaws. The workflow is opinionated about severity classification and includes a table of developer rationalizations to push back against. What's useful here is the dual focus on traditional app security and LLM-specific attacks, treating prompts as code that controls tool execution. Good for pre-commit reviews or release audits when you want consistent coverage without the false negatives that come from ad-hoc security questions.
Install to Claude Code
npx -y skills add codeaholicguy/ai-devkit --skill security-review --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →First SeenJun 11, 2026
