generating-security-audit-reports
について
このスキルは、セキュリティデータから包括的なセキュリティ監査レポートを生成し、脆弱性の評価、コンプライアンスの確認、修復ロードマップの作成を行います。ユーザーが脆弱性評価やセキュリティ態勢分析を必要とする際に、`/audit-report` などのコマンドで起動されます。このスキルは、開発者がセキュリティ問題を特定し追跡するのに役立つ、様々な形式の詳細なレポートを作成します。
クイックインストール
Claude Code
推奨/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/generating-security-audit-reportsこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Overview
This skill allows Claude to create detailed security audit reports. It analyzes existing security data, identifies vulnerabilities, assesses compliance with industry standards, and suggests remediation steps. The generated reports can be used to improve an organization's security posture and meet compliance requirements.
How It Works
- Data Collection: Claude gathers data from various security tools and sources.
- Analysis: The plugin analyzes the collected data to identify vulnerabilities and compliance issues.
- Report Generation: Claude compiles the findings into a comprehensive security audit report, including an executive summary, vulnerability details, compliance status, and remediation recommendations.
When to Use This Skill
This skill activates when you need to:
- Generate a comprehensive security audit report.
- Assess the security posture of an application or system.
- Identify vulnerabilities and compliance issues.
Examples
Example 1: Security Posture Assessment
User request: "Create a security audit report for our web application."
The skill will:
- Analyze the web application's security data.
- Generate a report outlining vulnerabilities, compliance status, and remediation recommendations.
Example 2: Compliance Audit
User request: "/auditreport for PCI-DSS compliance"
The skill will:
- Analyze the current system configurations and security measures.
- Generate a report focused on PCI-DSS compliance, highlighting areas of non-compliance and recommended actions.
Best Practices
- Clarity: Provide specific details about the system or application you want to audit.
- Context: Mention any relevant compliance standards (e.g., PCI-DSS, GDPR, HIPAA) to focus the audit.
- Review: Always review the generated report for accuracy and completeness.
Integration
This skill can be integrated with other security tools and plugins to enhance data collection and analysis. It provides a central point for generating security audit reports from various sources.
GitHub リポジトリ
関連スキル
content-collections
メタThis skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.
creating-opencode-plugins
メタThis skill provides the structure and API specifications for creating OpenCode plugins that hook into 25+ event types like commands, files, and LSP operations. It offers implementation patterns for JavaScript/TypeScript modules that intercept and extend the AI assistant's lifecycle. Use it when you need to build event-driven plugins for monitoring, custom handling, or extending OpenCode's capabilities.
evaluating-llms-harness
テストThis Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.
sglang
メタSGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.