senior-security

Name: senior-security
Author: alirezarezvani

0.0

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.

Commands Agents Marketplace

#core capabilities#claude-ai#compliance auditing#Senior Security#security#claudecode-subagents#claude-ai-skills#security architecture

Third-Party Agent Skill: Review the code before installing. Agent skills execute in your AI assistant's environment and can access your files. Learn more about security

Installation for Agentic Skill

View all platforms →

Claude Code (CLI) Fast

skilz install alirezarezvani/claude-skills/senior-security

OpenCode (CLI) Fast

skilz install alirezarezvani/claude-skills/senior-security --agent opencode

OpenAI Codex (CLI) Native

skilz install alirezarezvani/claude-skills/senior-security --agent codex

Gemini CLI (Project) Project

skilz install alirezarezvani/claude-skills/senior-security --agent gemini

First time? Install Skilz: pip install skilz

Works with 22+ AI coding agents

Cursor, Aider, Copilot, Windsurf, Qwen, Kimi, and more...

View All Agents

For Claude Desktop Easy

Download Agent Skill ZIP

Extract and copy to ~/.claude/skills/ then restart Claude Desktop

Manual Installation

1. Clone the repository:

git clone https://github.com/alirezarezvani/claude-skills

Agentic Skill Grades →

Agent Skill Grade

Score: 40/100 Click to see breakdown

Score Breakdown

Spec Compliance

12/15

PDA Architecture

8/30

Ease of Use

12/25

Writing Style

4/10

Utility

4/20

Areas to Improve

All three reference files are identical generic templates with no security content. They promise 'Security Architecture Patterns', 'Penetration Testing Guide', and 'Cryptography Implementation' but contain placeholder text.
All three Python scripts are identical templates. They promise threat modeling, security auditing, and penetration testing but only print empty reports. The analyze() method does nothing.
Tech stack lists generic technologies unrelated to security engineering. No security tools mentioned (Burp Suite, Metasploit, OWASP ZAP, Nmap, Wireshark, etc.).

Recommendations

Focus on improving Pda (currently 8/30)
Focus on improving Ease Of Use (currently 12/25)
Focus on improving Writing Style (currently 4/10)

Graded: 1/24/2026

Developer Feedback

I was curious about the security-focused angle here, but the fundamentals seem to be missing some depth—let me walk through what I'm seeing at a 40/100 grade and where we could strengthen this.

Links:

The TL;DR

You're at 40/100, landing in F territory. This is based on Anthropic's best practices for agentic skills. Your strongest area is Spec Compliance (12/15)—the frontmatter and naming conventions are solid. The killer is Utility (4/20)—the skill promises a lot but doesn't deliver actual security functionality.

What's Working Well

Clean metadata structure – Your YAML frontmatter is valid and the skill name follows hyphen-case conventions correctly
Solid trigger phrases – The description nails discoverability with specific keywords: "penetration tests", "security audits", "cryptography implementation"
Good spec alignment – You're following the skill format requirements properly; the problem is what's inside

The Big One: Empty Reference and Script Files

This is your main blocker. All three reference files (security_architecture_patterns.md, penetration_testing_guide.md, cryptography_implementation.md) are identical generic templates with placeholder text like "Pattern 1: Best Practice Implementation" and "Detailed explanation of the pattern." Same story with your Python scripts—they're all identical templates where analyze() just returns empty results.

You're promising "Complete toolkit for senior security" but delivering boilerplate. Replace those references with actual security patterns: OAuth 2.0 validation, STRIDE threat modeling, OWASP Top 10 mitigations, AES-256-GCM encryption, SQL injection prevention. The scripts should implement real security scanning—threat modeling analysis, secret detection, vulnerability testing. This alone could net you +15 points.

Other Things Worth Fixing

Tech stack mismatch – Lists React, Next.js, Flutter but nothing security-specific. Swap in Burp Suite, OWASP ZAP, Metasploit, Wireshark, cryptography libraries. This shows you understand the actual tools.
Marketing fluff everywhere – "Expert-level automation", "Production-grade output", "Complete toolkit" without substance. Replace with concrete descriptions of what actually happens (e.g., "Generates STRIDE threat models" instead of "Comprehensive analysis").
Missing navigation – Your main SKILL.md is 210 lines with no table of contents, making it harder to navigate. A quick TOC at the top would help.

Quick Wins

Most impactful first:

Populate reference files with real security patterns and implementation guidance (+10 points)
Implement actual script logic instead of empty templates (+8 points)
Swap generic tech stack for security-specific tools (+5 points)
Strip marketing language and replace with concrete descriptions (+3 points)

Checkout your skill here: SkillzWave.ai | SpillWave We have an agentic skill installer that install skills in 14+ coding agent platforms. Check out this guide on how to improve your agentic skills.

AI-Detected Topics

Extracted using NLP analysis

core capabilities claude-ai compliance auditing Senior Security security claudecode-subagents claude-ai-skills security architecture practices senior-security description guide claude-skills claude-code anthropic-claude penetration testing Comprehensive claude-code-skills agentic-ai agentic-coding

Report Security Issue

Found a security vulnerability in this agent skill?