What cryptographic issues does this skill detect?

It identifies a variety of risks including weak hashing (MD5/SHA1), deprecated encryption (mcrypt), hardcoded keys, insecure random numbers, and timing attack risks.

Does it check for SSL/TLS certificate validation issues?

Yes, it specifically flags instances where SSL verification is disabled in cURL options or stream contexts, which is a high-severity security oversight.

Does it suggest fixes for vulnerable PHP code?

Yes, it provides secure implementation patterns using modern PHP standards such as password_hash(), libsodium, and OpenSSL GCM modes.

Can it detect hardcoded keys in source code?

It scans PHP files for variable assignments and string patterns that indicate secrets, keys, or IVs stored directly in the code rather than environment variables.

PHP Cryptography Security Auditor

Name: PHP Cryptography Security Auditor
Author: dykyi-roman

bydykyi-roman

•

セキュリティとテスト

Analyzes PHP source code to detect and remediate cryptographic vulnerabilities, including weak algorithms and insecure key management.

The PHP Cryptography Security Auditor is a specialized skill for Claude Code designed to identify critical security flaws in PHP applications. It scans for a wide range of cryptographic anti-patterns such as the use of broken hashing algorithms like MD5, hardcoded secret keys, insecure random number generation, and deprecated mcrypt functions. By mapping findings to CWE standards and providing secure implementation alternatives using modern libraries like libsodium and OpenSSL GCM, it helps developers harden their applications against data breaches and timing attacks during the development lifecycle.

主な機能

01Detects weak hashing and encryption algorithms like MD5, SHA1, and ECB mode

02Identifies hardcoded sensitive data including encryption keys and IVs

03Flags insecure random number generation and predictable seeds

04Detects timing attack vulnerabilities and disabled SSL/TLS verification

05Audits key management practices and missing integrity protection (MAC)

0645 GitHub stars

ユースケース

01Migrating legacy PHP applications to modern, secure cryptographic standards

02Performing automated security audits during code reviews or architectural refactoring

03Ensuring compliance with security best practices and CWE-327 guidelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code check-crypto-usage

For use in Claude.ai and ChatGPT

Download Skill