How does the dependency audit work?

The skill parses files like requirements.txt or package.json and runs them against known CVE databases using tools like pip-audit and npm audit.

Does it provide code fixes for identified issues?

Yes, every finding includes a description of the risk, specific remediation steps, and code examples for implementing the fix.

What languages are supported for security analysis?

While secrets detection is language-agnostic, the skill includes specialized logic and tools for Python and JavaScript/Node.js projects.

Can this skill find leaked API keys?

Yes, it uses advanced regex patterns to identify accidentally committed keys for AWS, Stripe, GCP, and other common service providers.

Security Scanning

Name: Security Scanning
Author: eyadsibai

byeyadsibai

Seguridad y Pruebas

Performs automated security audits to detect hardcoded secrets, OWASP vulnerabilities, and insecure dependency versions in codebases.

Acerca de

The Security Scanning skill transforms Claude into an automated security auditor, enabling deep analysis of codebases for critical risks such as exposed API keys, SQL injection, and vulnerable dependencies. It leverages specialized search patterns and dependency auditing tools to identify security anti-patterns and OWASP Top 10 vulnerabilities, providing developers with clear severity ratings and actionable remediation steps to strengthen their application's security posture before deployment.

Características Principales

Automated secrets and credential detection for API keys and tokens
0 GitHub stars
OWASP Top 10 vulnerability scanning (XSS, SQLi, Command Injection)
Identification of weak cryptographic patterns and insecure defaults
Comprehensive remediation guidance with severity classification
Dependency auditing for Python (pip-audit) and Node.js (npm audit)

Casos de Uso

Auditing third-party dependencies for known CVEs and outdated packages
Identifying cross-site scripting (XSS) or SQL injection risks in web application code
Scanning a repository for hardcoded credentials or private keys before a public release

Acerca de

Características Principales

Automated secrets and credential detection for API keys and tokens
0 GitHub stars
OWASP Top 10 vulnerability scanning (XSS, SQLi, Command Injection)
Identification of weak cryptographic patterns and insecure defaults
Comprehensive remediation guidance with severity classification
Dependency auditing for Python (pip-audit) and Node.js (npm audit)

Casos de Uso

Auditing third-party dependencies for known CVEs and outdated packages
Identifying cross-site scripting (XSS) or SQL injection risks in web application code
Scanning a repository for hardcoded credentials or private keys before a public release