Summary
This is a proper penetration testing workflow that actually opens a browser and validates security issues at runtime, not just static analysis. It walks through OWASP Top 10 checks with real evidence: submitting XSS payloads to see if they render, testing JWT tampering, verifying HttpOnly flags on cookies, attempting CSRF attacks. The phased approach (educate, scope, analyze, report, remediate) means you get findings with CVE references and confidence scores, plus YAML regression tests to prevent backsliding. Use it before launches, after auth changes, or when handling payment data. It catches the stuff that only shows up in a live browser: misconfigured headers, insecure token storage, broken access controls.
Install to Claude Code
npx -y skills add shiplightai/agent-skills --skill security-review --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenJun 3, 2026
