This one trains Claude to think like a security researcher, not just run a scanner. It covers OWASP Top 10 2025 (including the new supply chain and exceptional conditions categories), teaches threat modeling, and shows you how to prioritize findings with CVSS and EPSS scores instead of drowning in CVE noise. The methodology is phase-based: reconnaissance, discovery, analysis, reporting. What I like here is the emphasis on root causes over symptoms and the fail-secure mindset throughout. It includes runtime validation scripts and checklists for auth, APIs, and data protection. Use this when you need structured security analysis that considers business context, not just a raw vulnerability dump.
npx skills add https://github.com/davila7/claude-code-templates --skill vulnerability-scanner