Does this skill only provide security advice?

No, it generates concrete, production-ready code changes that resolve vulnerabilities and can apply them directly to your codebase.

What types of vulnerabilities can it fix?

It supports a wide variety of CWEs, including SQL Injection, XSS, Command Injection, Path Traversal, SSRF, and Hardcoded Secrets.

Is the generated code compatible with my framework?

The skill is designed to be framework-idiomatic, preferring built-in security mechanisms for popular frameworks like Express, Django, and React.

How does it track which issues are resolved?

It updates a local '.appsec/findings.json' file with a 'fix-applied' status, timestamps, and the specific diff used for the remediation.

Can I control the scope of the code changes?

Yes, using the --depth flag you can choose between 'quick' (minimal changes), 'standard', 'deep' (refactoring), or 'expert' (including regression tests).

AppSec Security Fix Generator

Name: AppSec Security Fix Generator
Author: florianbuetow

byflorianbuetow

•

Seguridad y Pruebas

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

The AppSec Fix skill automates the remediation of security vulnerabilities by generating concrete, idiomatic code changes tailored to your specific tech stack. It handles a wide range of security issues, including SQL injection, XSS, and broken access control, by analyzing the root cause and applying context-aware mitigations. Whether you need a minimal one-line patch or an expert-level refactor with regression tests, this skill streamlines the transition from security finding to resolved issue while maintaining your project's coding style and framework best practices.

Características Principales

01Generates production-ready, functional code fixes for CWE-mapped vulnerabilities.

02Maintains an audit trail by updating local findings records with applied fix metadata.

036 GitHub stars

04Supports multiple fix depths ranging from quick patches to deep architectural refactors.

05Provides framework-idiomatic solutions for environments like Express, Django, and React.

06Automatically identifies targets via finding IDs, file locations, or vulnerability descriptions.

Casos de Uso

01Automating the application of security patches across multiple files to ensure defensive coding consistency.

02Securing legacy code by replacing hardcoded credentials with environment-based secret management.

03Rapidly remediating high-severity SQL injection or XSS findings discovered in security audits.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code fix

For use in Claude.ai and ChatGPT

Download Skill