Does the skill provide suggestions on how to fix vulnerabilities?

Absolutely. Every finding in the generated report includes a description of the issue and clear, actionable remediation steps.

Can I run a specific type of security check instead of a full scan?

Yes, you can use specific flags such as --owasp for Top 10 risks, --secrets for credential leaks, or --deps for dependency auditing.

What specific security risks does this skill detect?

It detects major OWASP Top 10 risks such as SQL Injection and XSS, hardcoded secrets like API keys and passwords, and vulnerable dependencies in npm and pip ecosystems.

Where are the security audit results stored?

The skill automatically generates a detailed report saved in your project at .claude/docs/active/{feature}/security-review.md.

Security Auditor

Name: Security Auditor
Author: Wondermove-Inc

byWondermove-Inc

•

Seguridad y Pruebas

Performs comprehensive security audits including OWASP Top 10 checks, secret detection, and dependency vulnerability scanning.

The Security skill is a core component of the Code Assurance Layer (CALAB), providing automated security reviews directly within the Claude Code environment. It systematically analyzes codebases for the OWASP Top 10 vulnerabilities, scans for hardcoded secrets like API keys or credentials, and audits project dependencies for known CVEs. By generating structured markdown reports with severity rankings and actionable remediation advice, this skill enables developers to proactively identify and fix critical security flaws during the development lifecycle.

Características Principales

01Real-time detection of hardcoded secrets and environment variables

021 GitHub stars

03Detailed security reporting with severity-based categorization

04Targeted scanning for specific directories or full project scope

05Automated OWASP Top 10 vulnerability identification

06Dependency vulnerability analysis for npm and pip packages

Casos de Uso

01Preventing sensitive credential leaks by scanning for hardcoded API keys

02Performing pre-release security audits to ensure compliance with OWASP standards

03Identifying and updating vulnerable third-party libraries within a project

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add wondermove-inc/calab-claude-plugin security

For use in Claude.ai and ChatGPT

Download Skill