About
This Claude skill performs structured security reviews to harden designs and implementations when triggered by terms like "threat model" or "security review." It provides threat modeling, secure design analysis, dependency audits, and compliance checks, generating outputs like security gap assessments and remediation backlogs. It's designed to be used after architecture and test strategy work is complete.
Quick Install
Claude Code
Recommendednpx skills add mattnigh/skills_collection -a claude-code/plugin add https://github.com/mattnigh/skills_collectiongit clone https://github.com/mattnigh/skills_collection.git ~/.claude/skills/bmad-security-reviewCopy and paste this command in Claude Code to install this skill
GitHub Repository
Frequently asked questions
What is the bmad-security-review skill?
bmad-security-review is a Claude Skill by mattnigh. Skills package instructions and resources that Claude loads on demand, so Claude can perform bmad-security-review-related tasks without extra prompting.
How do I install bmad-security-review?
Use the install commands on this page: add bmad-security-review to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does bmad-security-review belong to?
bmad-security-review is in the Design category, tagged design.
Is bmad-security-review free to use?
Yes. bmad-security-review is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
Related Skills
Use the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.
This skill dispatches a code-reviewer subagent to analyze code changes against requirements before proceeding. It should be used after completing tasks, implementing major features, or before merging to main. The review helps catch issues early by comparing the current implementation with the original plan.
This skill provides a comprehensive guide for developers to connect MCP servers to Claude Code using HTTP, stdio, or SSE transports. It covers installation, configuration, authentication, and security for integrating external services like GitHub, Notion, and custom APIs. Use it when setting up MCP integrations, configuring external tools, or working with Claude's Model Context Protocol.
This skill helps developers choose between Claude Code Web and CLI interfaces based on task analysis, then enables seamless session teleportation between these environments. It optimizes workflow by managing session state and context when switching between web, CLI, or mobile. Use it for complex projects requiring different tools at various stages.
