windshock/external-software-analysis
skills/external/external-software-analysis/SKILL.md
External software analysis workflows for binaries/packages (decompilation, reverse engineering, static analysis, fuzzing, and evidence collection). Use when analyzing third-party software without source access.
$ install --global
skillsauthnpx skillsauth add windshock/oh-my-secuaudit external-software-analysisInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 1:33 PM183.7s1 file scanned
SKILL.md
- name:
- external-software-analysis
- description:
- External software analysis workflows for binaries/packages (decompilation, reverse engineering, static analysis, fuzzing, and evidence collection). Use when analyzing third-party software without source access.
External Software Analysis
Overview
Guide external software analysis from decompilation to vulnerability discovery and evidence collection. Output is a structured Markdown report.
Workflow
- Read
references/external_sources.mdfor local canonical references. - Apply the discovery process (decompile -> static scan -> flow tracing -> evidence).
- Produce a Markdown report following the reference report structure.
- When summarizing, map severity using
references/severity_criteria.mdandreferences/severity_criteria_detail.md. - If JSON findings are emitted, they must conform to
schemas/finding_schema.jsonand include:provenance(one ofbinary-confirmed|source-confirmed|runtime-confirmed|not-confirmed)impacted_flow(one or more flow IDs such asF1,F2)
Skill Interop: security-architecture-review
- Use this handoff when binary/package findings affect service trust boundaries, data flows, or authz decisions.
- Produce a compact handoff section (or separate markdown) with:
- External component name/version/artifact path
- Integration points (caller/callee, endpoint/function, file evidence)
- Data-in/data-out and sensitive fields touched
- Security control assumptions at the boundary (TLS, signature, token validation, pinning)
- Finding-to-flow mapping (
finding_id -> impacted flow/boundary) - Evidence provenance tag per claim:
binary-confirmed,source-confirmed,runtime-confirmed,not-confirmed
- When source code is available for the integrating service, explicitly cross-check and upgrade provenance tags where possible.
- Reference template:
references/architecture_handoff.md.
Reporting
- Primary output: Markdown report (example reference provided).
- Use severity mapping from
references/severity_criteria.mdand detailed criteria inreferences/severity_criteria_detail.md. - Produce a common summary JSON using
schemas/reporting_summary_schema.jsonin this skill directory. - When task-level JSON is required, use
schemas/task_output_schema.json. - Use
scripts/generate_reporting_summary.pyin this skill directory to build JSON output. - For cross-skill usage, also emit a handoff markdown file (default:
./external-analysis-architecture-handoff.md) usingreferences/architecture_handoff.md.
Resources
references/
references/external_sources.mdreferences/external_report_template.mdreferences/discovery_process.mdreferences/severity_criteria.mdreferences/severity_criteria_detail.mdreferences/reporting_summary.mdreferences/architecture_handoff.md
schemas/
schemas/reporting_summary_schema.jsonschemas/task_output_schema.jsonschemas/finding_schema.json
scripts/
scripts/generate_reporting_summary.py
Related Skills
windshock/sec-reference-retrieval
testing
VerifiedTrustedCommunity
Query multi-source AppSec catalogs (CWE / OWASP Cheat Sheet Series / GitHub Advisory Database / AppSec.fyi) for a given security finding and propose a synthesis row to the security-field-notes synthesis-ledger via PR. Use when a producer skill (sec-audit-static, sec-audit-dast, external-software-analysis) emits a finding that needs external reference enrichment, or when packaging an assessment finding for downstream remediation context.
2SKILL.mdUpdated May 22, 2026
windshock/security-testing-as-code
development
VerifiedTrustedCommunity
Transform security assessment deliverables from static documents (Word/Excel/portal) into version-controlled, executable projects. PoCs replace narrative claims; saved HTTP requests replace checkboxes; commit hashes enable exact-state reproduction. Use when scoping methodology for an audit, when an existing assessment needs to be made reproducible, or when assessment outputs must be inheritable across teams.
2SKILL.mdUpdated May 19, 2026
windshock/security-architecture-review
development
VerifiedTrustedCommunity
Security architecture review for codebases, producing Data Flow Diagram (DFD) with trust boundaries, Attack Flow overlay, scoped attack surface inventory, sensitive data map, and risk summary grounded in code. Use when asked to perform architecture-focused security review, reconstruct security design from code, or produce DFD/attack-flow documentation.
2SKILL.mdUpdated May 19, 2026
windshock/sec-cluster
development
VerifiedTrustedCommunity
Dataflow-based code clustering for security assessments. Groups (Endpoint, Sink) paths by shared review strategy so reviewers sample representative cases instead of exhaustively reviewing every path. Use when scoping manual review on a codebase with 50+ endpoints, repetitive sanitization patterns, or after initial SAST/SCA produces large finding sets that need triage.
2SKILL.mdUpdated May 19, 2026