Can this skill detect hardcoded secrets in my code?

Yes, it includes specialized patterns to identify hardcoded API keys, private keys, and tokens across various programming languages and environment files.

What tools does this skill use for auditing?

The skill leverages industry-standard tools including testssl.sh, openssl, sslyze, hashcat, and custom grep patterns for deep source code analysis.

Is this tool meant for penetration testing?

It is intended for authorized security assessments and internal audits to help developers find and fix vulnerabilities before they can be exploited.

Does it support the latest encryption standards?

Absolutely. It checks for TLS 1.3 support, high-entropy ECC curves, and modern password hashing algorithms like Argon2id and Scrypt.

Cryptographic Security Audit

Name: Cryptographic Security Audit
Author: plurigrid

byplurigrid

•

Seguridad y Pruebas

Audits cryptographic implementations for vulnerabilities, weak algorithms, and improper key management using industry-standard security tools.

The Cryptographic Audit skill provides a comprehensive framework for assessing the security of encryption implementations, TLS configurations, and sensitive data handling within your codebase and infrastructure. It automates the detection of common cryptographic anti-patterns—such as hardcoded secrets, weak PRNGs, and insecure cipher suites—while providing actionable remediation guidance based on modern security standards. Designed for developers and security engineers, this skill facilitates thorough authorized assessments to ensure data protection and compliance across web services and applications.

Características Principales

01Source code pattern matching for hardcoded secrets and insecure algorithms

02Password hash auditing and entropy assessment for authentication security

03Deep inspection of certificate chains, expiry, and key strengths

04Automated TLS/SSL configuration scanning and protocol version testing

057 GitHub stars

06Standardized audit reporting with severity ratings and remediation steps

Casos de Uso

01Auditing key management practices to ensure secure storage and rotation policies

02Reviewing application source code for cryptographic flaws like ECB mode usage

03Validating production TLS configurations and verifying certificate transparency

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi cryptographic-audit

For use in Claude.ai and ChatGPT

Download Skill