How does the AI improve the security review process?

The AI filters out false positives by understanding code context, provides root cause analysis for complex vulnerabilities, and generates specific 'Before and After' code examples for remediation.

Can I run a security review on a specific directory?

Absolutely. You can provide a specific path as an argument to focus the analysis on a single directory or file instead of the entire project.

What tools does this skill use for analysis?

This skill utilizes the Codacy CLI v2 to orchestrate multiple industry-standard engines including Semgrep, Trivy, ESLint, and Pylint, combined with custom AI-driven pattern matching.

Does it detect hardcoded secrets and API keys?

Yes, it specifically scans for high-risk secrets including AWS keys, GitHub tokens, database URLs, and private keys using advanced regex patterns and AI verification.

Does this skill cover the OWASP Top 10?

Yes, the security-review workflow includes a specific checklist and scanning patterns designed to cover all categories of the OWASP Top 10, from Injection to SSRF.

Codacy Security Review

Name: Codacy Security Review
Author: jaimefjorge

byjaimefjorge

0•

Seguridad y Pruebas

Performs comprehensive security audits by combining Codacy static analysis with AI-powered vulnerability detection and remediation guidance.

The Codacy Security Review skill empowers developers to conduct deep security assessments within their local environment. By integrating Codacy CLI v2 with Claude's reasoning capabilities, it identifies vulnerabilities across multiple languages and frameworks, detects exposed secrets, and evaluates risks based on the OWASP Top 10. The skill intelligently loads project profiles to provide context-aware analysis, ensuring that findings are relevant to your specific architecture while providing actionable code fixes to resolve identified issues.

Características Principales

01Automated secrets detection for cloud keys, tokens, and credentials

02AI-powered risk assessment and context-aware remediation snippets

03Framework-specific scanning for React, Express, Django, Flask, and FastAPI

040 GitHub stars

05Multi-tool static analysis using Codacy CLI v2 (Semgrep, Trivy, ESLint, etc.)

06Comprehensive security report generation with severity grading

Casos de Uso

01Validating third-party dependency safety and infrastructure-as-code configurations

02Scanning legacy repositories for hidden vulnerabilities and hardcoded secrets

03Pre-production security auditing of new features and microservices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jaimefjorge/codacy-plugin security-review

For use in Claude.ai and ChatGPT

Características Principales

01Automated secrets detection for cloud keys, tokens, and credentials

02AI-powered risk assessment and context-aware remediation snippets

03Framework-specific scanning for React, Express, Django, Flask, and FastAPI

040 GitHub stars

05Multi-tool static analysis using Codacy CLI v2 (Semgrep, Trivy, ESLint, etc.)

06Comprehensive security report generation with severity grading

Casos de Uso

01Validating third-party dependency safety and infrastructure-as-code configurations

02Scanning legacy repositories for hidden vulnerabilities and hardcoded secrets

03Pre-production security auditing of new features and microservices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jaimefjorge/codacy-plugin security-review

For use in Claude.ai and ChatGPT