Can it detect leaked API keys in my code?

Yes, it specifically scans for exposed secrets, tokens, and API keys, providing immediate warnings and instructions on how to properly use environment variables or secret managers.

When is the best time to invoke this skill?

It should be used whenever you are handling user input, modifying authentication or payment logic, working with sensitive data, or performing database operations.

Is it based on industry security standards?

Absolutely. The skill maps its findings to specific CWE (Common Weakness Enumeration) identifiers and OWASP Top 10 categories to ensure professional-grade reporting.

Does it provide code fixes for the issues it finds?

Yes, for every vulnerability detected, the skill provides a 'Secure Fix' example, an explanation of the remediation approach, and an estimate of the effort required to fix it.

What types of vulnerabilities does this skill detect?

It identifies a wide range of issues including SQL and NoSQL injection, XSS, CSRF, insecure authentication, hardcoded secrets, cryptographic weaknesses, and API security misconfigurations.

Security Pattern Check

Name: Security Pattern Check
Author: kjgarza

bykjgarza

0•

Seguridad y Pruebas

Identifies security vulnerabilities and anti-patterns to provide senior-level feedback on code safety and compliance.

The Security Pattern Check skill acts as an automated security auditor within the Claude Code environment, scanning your codebase for critical vulnerabilities and architectural anti-patterns. It evaluates code against the OWASP Top 10 and CWE standards, identifying risks such as SQL injection, broken authentication, and hardcoded secrets. Designed for senior-level oversight, it provides not only immediate alerts but also detailed risk assessments, exploit scenarios, and actionable remediation steps with secure code examples to ensure production-grade safety.

Características Principales

01Actionable remediation guidance with secure code comparisons and fix-effort estimates.

020 GitHub stars

03Detailed risk assessments with severity levels, exploitability scores, and impact analysis.

04Real-time detection of hardcoded secrets, API keys, and insecure data storage practices.

05Automated compliance mapping to industry standards like CWE and PCI DSS.

06Comprehensive scanning for OWASP Top 10 vulnerabilities including SQLi, XSS, and CSRF.

Casos de Uso

01Reviewing authentication and authorization logic before merging sensitive PRs.

02Scanning legacy codebases for outdated cryptographic methods and hardcoded credentials.

03Auditing API endpoints for input validation, rate limiting, and data exposure risks.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add kjgarza/marketplace-claude security-pattern-check

For use in Claude.ai and ChatGPT

Características Principales

01Actionable remediation guidance with secure code comparisons and fix-effort estimates.

020 GitHub stars

03Detailed risk assessments with severity levels, exploitability scores, and impact analysis.

04Real-time detection of hardcoded secrets, API keys, and insecure data storage practices.

05Automated compliance mapping to industry standards like CWE and PCI DSS.

06Comprehensive scanning for OWASP Top 10 vulnerabilities including SQLi, XSS, and CSRF.

Casos de Uso

01Reviewing authentication and authorization logic before merging sensitive PRs.

02Scanning legacy codebases for outdated cryptographic methods and hardcoded credentials.

03Auditing API endpoints for input validation, rate limiting, and data exposure risks.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add kjgarza/marketplace-claude security-pattern-check

For use in Claude.ai and ChatGPT