Is this suitable for production-grade security reviews?

While it is a powerful automated tool for identifying common patterns and vulnerabilities, it should be used as a complement to professional penetration testing and manual code reviews.

What types of vulnerabilities can this skill identify?

The skill identifies a wide range of issues including SQL injection, Cross-Site Scripting (XSS), broken authentication, sensitive data exposure, and insecure deserialization.

Does it detect hardcoded API keys and secrets?

Yes, it specifically scans for patterns related to API tokens, private keys, passwords, and environment variables across your source files.

Can it check my project dependencies?

Yes, it analyzes manifest files like package.json, requirements.txt, and Gemfiles to flag outdated or potentially vulnerable components.

How is the security report formatted?

The skill produces a standardized JSON report that includes an audit summary, risk level, specific findings with file paths, and recommended remediation steps.

Security Audit

Name: Security Audit
Author: DonTizi

byDonTizi

•

Seguridad y Pruebas

Conducts comprehensive codebase security reviews to identify OWASP vulnerabilities, exposed secrets, and dependency risks.

The Security Audit skill provides a automated, deep-dive analysis of your project's security posture by scanning for exposed credentials, OWASP Top 10 vulnerabilities, and insecure dependency patterns. It streamlines the auditing process by generating structured JSON reports that categorize risks by severity—from Low to Critical—providing actionable remediation steps and CWE mappings. This skill is ideal for developers and security engineers who need to proactively identify and fix vulnerabilities before they reach production.

Características Principales

012 GitHub stars

02Heuristic analysis of authentication, session management, and access control logic

03Structured JSON output including risk levels, file locations, and remediation advice

04Comprehensive scanning for OWASP Top 10 vulnerabilities like SQLi and XSS

05Automated secret and credential detection for API keys, tokens, and private keys

06Dependency analysis for package.json, requirements.txt, and other manifest files

Casos de Uso

01Auditing legacy projects or third-party code for known security weaknesses

02Pre-release security verification to prevent credential leakage and injection flaws

03Regular codebase health checks to maintain compliance with security best practices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dontizi/codegeass security-audit

For use in Claude.ai and ChatGPT

Download Skill