Which Python frameworks are supported?

The skill includes specialized, built-in security checks for Flask, Django, and FastAPI, in addition to general security patterns applicable to any Python codebase.

Does this skill scan production .env files?

By default, the scanner skips real .env files to protect sensitive data. It focuses on analyzing .env.example or .env.template files to ensure proper documentation and structure without exposing actual secrets.

Can I perform a quick scan for just one type of vulnerability?

Yes, you can run targeted scans using specific flags like --secrets, --injection, --deps, or --auth to focus on specific categories of security risks.

Is the security report compatible with CI/CD pipelines?

Yes, the skill can generate output compatible with SARIF for GitHub Code Scanning, JSON for custom integrations, and JUnit XML for standard CI/CD pipelines.

Python Security Scanner

Name: Python Security Scanner
Author: sugarforever

bysugarforever

•

セキュリティとテスト

Performs comprehensive security audits and vulnerability scans for Python web applications and scripts to identify OWASP risks and insecure patterns.

The Python Security Scan skill provides an automated, deep-dive auditing capability for Python projects, specifically optimized for Flask, Django, and FastAPI frameworks. It streamlines the identification of OWASP Top 10 vulnerabilities, such as SQL injection and insecure deserialization, while performing automated dependency checks for known CVEs. By analyzing code structures and configuration templates, it helps developers catch hardcoded secrets and framework-specific security misconfigurations before they reach production, providing clear severity classifications and actionable remediation guidance.

主な機能

01Automated dependency auditing for known CVEs using pip-audit and safety.

02Intelligent scanning for hardcoded secrets, credentials, and API keys.

03Automatic framework detection for Flask, Django, and FastAPI projects.

04Categorized severity reporting with actionable remediation advice and code snippets.

05Comprehensive OWASP Top 10 vulnerability mapping and reporting.

0619 GitHub stars

ユースケース

01Pre-deployment security audits for enterprise-grade Python web applications.

02Validating third-party dependencies and environment variable templates for security compliance.

03Automated code reviews to identify injection flaws and insecure deserialization patterns.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sugarforever/01coder-agent-skills python-security-scan

For use in Claude.ai and ChatGPT

Download Skill