Which languages are supported for dependency scanning?

The skill currently supports major package managers for Python (requirements.txt, pyproject.toml, setup.py) and Node.js (package.json, package-lock.json).

Where are the security findings saved?

By default, security findings and documentation are saved to a 'security-notes/' directory in your project root, though custom locations can be specified.

What types of vulnerabilities does it detect?

It scans for a wide range of issues including SQL injection, command injection, path traversal, sensitive data exposure, and insecure deserialization.

Is the PoC generation safe to use?

PoC generation is an experimental feature intended for research and remediation testing; it should always be used responsibly within controlled, non-production environments.

Can I use this for CI/CD workflows?

Yes, the skill includes specialized commands like 'analyze-github-pr' designed to work with GitHub Actions for automated pull request security reviews.

Security Reviewer

Name: Security Reviewer
Author: KvFxKaido

byKvFxKaido

0•

Seguridad y Pruebas

Performs comprehensive security audits, vulnerability scans, and proof-of-concept generation using the Gemini security extension.

This skill empowers Claude to conduct deep security analysis of your codebase by leveraging Gemini's specialized security tools. It can scan project dependencies for known CVEs, analyze branch diffs for injection flaws or privacy violations, and generate experimental proof-of-concept scripts to validate findings. Ideal for developers wanting to shift security left, it documents all vulnerabilities in a structured format and integrates seamlessly into both local development workflows and automated GitHub PR reviews.

Características Principales

010 GitHub stars

02Automated security reviews for GitHub Pull Requests via CI/CD

03Dependency scanning for known CVEs in Python and Node.js projects

04Structured security documentation and automated finding logs

05Branch analysis to identify injection flaws and authentication issues

06Experimental Proof-of-Concept (PoC) generation for vulnerability validation

Casos de Uso

01Validating potential path traversal or command injection risks with PoC scripts

02Scanning third-party dependencies for high-risk security flaws and CVEs

03Auditing a new feature branch for vulnerabilities before merging a Pull Request

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add kvfxkaido/sentinel security

For use in Claude.ai and ChatGPT

Download Skill