Which programming languages are supported?

The skill includes specialized security patterns for Node.js, Python, PHP, Go, Java, .NET, Rust, and React/Frontend frameworks.

How does it categorize security risks?

Vulnerabilities are classified using the standard CVSS (Common Vulnerability Scoring System) scale from Info and Low to High and Critical.

Can it detect logic-based vulnerabilities?

Yes, it includes processes for manual logic abusability checks, identifying race conditions, business logic flaws, and state manipulation errors.

Does it require external tools to run security audits?

It leverages native tools already in your environment (like npm audit or pip-audit) for speed and accuracy, but can also perform manual code analysis and web-based CVE lookups.

What is 'Taint Analysis' in this context?

Taint analysis traces user-controlled input (Sources) through the application to dangerous functions (Sinks) to identify unvalidated data paths that could lead to exploits.

Comprehensive Security Analysis

Name: Comprehensive Security Analysis
Author: d4rkNinja

byd4rkNinja

•

Seguridad y Pruebas

Performs deep security audits, vulnerability scanning, and risk assessments across multiple technology stacks.

This skill acts as a master framework for end-to-end security analysis within Claude Code. It automatically detects the project's technology stack—ranging from Node.js and Python to Rust and Java—and orchestrates a multi-phased security review. By combining native dependency audits (SCA), static code analysis (SAST), and advanced data flow tracing, it identifies critical vulnerabilities such as injections, broken authentication, and memory safety issues. Beyond simple detection, it provides context-aware risk assessments using CVSS standards and generates actionable remediation plans, including specific upgrade guidance and security hardening patches.

Características Principales

01Taint analysis and data flow tracing for injection detection

025 GitHub stars

03Native dependency auditing (npm audit, pip-audit, cargo audit, etc.)

04Detailed remediation templates with migration and upgrade paths

05Automated technology stack detection and attack surface mapping

06CVSS-based risk classification and severity assessment

Casos de Uso

01Automating the discovery of outdated and exploitable project dependencies

02Mapping complex data flows to prevent SQL injection and sensitive data exposure

03Performing pre-release security audits to identify and patch vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add d4rkninja/code-guardian skills

For use in Claude.ai and ChatGPT

Download Skill