Can it detect hardcoded API keys and secrets?

Yes, the skill uses advanced pattern matching to identify exposed credentials, including AWS keys, Stripe tokens, database strings, and JWT secrets.

Does it check for third-party library vulnerabilities?

Yes, it audits package managers like npm, yarn, go.mod, and requirements.txt for known CVEs and outdated dependencies.

How are the audit results formatted?

Results are delivered in a structured report categorized by severity (Critical to Info), including impact analysis and specific code fixes.

Can I run audits on specific directories?

Absolutely. You can request targeted audits for specific folders, individual files, or even just the changes made in a specific timeframe.

Which programming languages does the Audit skill support?

It provides comprehensive coverage for major technology stacks including React, TypeScript, JavaScript, Go, Rust, and Python.

Code Security & Quality Audit

Name: Code Security & Quality Audit
Author: MadAppGang

byMadAppGang

•

230

•

セキュリティとテスト

Performs comprehensive security scans and code quality assessments to identify vulnerabilities, exposed secrets, and technical debt.

The Audit skill provides a robust automated framework for evaluating codebase health across multiple dimensions, including OWASP Top 10 vulnerabilities, dependency security, hardcoded secrets, and maintainability metrics. It supports major ecosystems like JavaScript, Go, Rust, and Python, offering actionable reports with severity levels and specific remediation advice. Whether you are preparing for a production deployment or performing a routine compliance check, this skill helps ensure your software remains secure, compliant, and maintainable.

主な機能

01230 GitHub stars

02Real-time scanning for hardcoded API keys, tokens, and credentials

03Code quality analysis including cyclomatic complexity and duplication

04Automated OWASP Top 10 vulnerability detection and reporting

05Comprehensive audit reports with severity-based categorization and fix recommendations

06Dependency audit for known CVEs across npm, Go, Cargo, and Pip

ユースケース

01Verifying GDPR or SOC2 compliance by auditing data handling and encryption practices

02Conducting pre-deployment security reviews to block critical vulnerabilities from reaching production

03Identifying and refactoring technical debt by analyzing code complexity and architectural smells

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add madappgang/claude-code audit

For use in Claude.ai and ChatGPT

Download Skill