Can Claude Code fix the security issues it finds?

While the security-scan skill focuses on detection and reporting, it is designed to delegate the remediation task to specialized agents like 'sniper' for automated code fixes.

Which programming languages are supported by Security Scan?

The skill supports a wide range of languages including JavaScript, TypeScript, PHP, Python, Swift/iOS, Go, and Rust by detecting standard project markers like package.json or go.mod.

How are the scan results reported?

The skill generates structured reports using built-in templates that map every finding to specific OWASP Top 10 categories for clear remediation guidance.

Does this skill detect hardcoded secrets?

Yes, one of the primary functions of the security-scan skill is to identify hardcoded secrets, API keys, and other sensitive credentials within the codebase.

Security Scan Expert

Name: Security Scan Expert
Author: fusengine

byfusengine

•

Seguridad y Pruebas

Orchestrates comprehensive security audits across multiple programming languages to identify OWASP Top 10 vulnerabilities and hardcoded secrets.

The Security Scan skill provides a specialized orchestration layer for Claude Code to perform deep security analysis across various tech stacks. It automatically detects project environments—such as JavaScript, Python, Go, and Swift—and applies hundreds of domain-specific patterns to uncover critical risks like XSS, SQL injection, and insecure deserialization. By mapping findings directly to OWASP Top 10 categories and generating structured reports, it enables developers to maintain high security standards and integrate automated remediation workflows through downstream agent delegation.

Características Principales

01Automatic project detection using language-specific marker files

02Multi-language support for JS/TS, PHP, Python, Swift, Go, and Rust

03Standardized security report generation using structured templates

04Automated identification of hardcoded secrets and sensitive credentials

05Advanced pattern matching for OWASP Top 10 vulnerability categories

064 GitHub stars

Casos de Uso

01Identifying and mapping legacy code vulnerabilities to OWASP risk categories

02Performing a comprehensive security audit before a production release

03Scanning repositories for leaked API keys, credentials, and weak cryptography

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fusengine/agents security-scan

For use in Claude.ai and ChatGPT

Download Skill