How does the skill detect hardcoded secrets?

The skill includes a dedicated secrets scanning step that searches for high-impact patterns including AWS keys, GitHub tokens, database connection strings, and generic API keys.

Does this scan my entire repository every time?

No, the Quick Scan is designed for speed and efficiency, focusing only on specific files, staged changes, or individual commits to provide rapid feedback without the overhead of a full repo scan.

What are the prerequisites for using this skill?

You must have Codacy CLI v2 installed (typically at ~/.local/bin/codacy-cli-v2) and properly configured using the /codacy:setup command.

Which programming languages and frameworks are supported?

It supports a wide range of languages including JavaScript, TypeScript, Python, and Go, with specialized security patterns for frameworks like React, Express, Django, and Flask.

Can it automatically fix the security issues it identifies?

Yes, by using the --fix argument, the skill can attempt to automatically resolve supported security issues identified during the scan using Codacy's remediation engine.

Quick Security Scan for Codacy

Name: Quick Security Scan for Codacy
Author: jaimefjorge

byjaimefjorge

0•

セキュリティとテスト

Performs rapid security audits on specific files, staged changes, or pull requests using Codacy and AI-powered insights.

This skill provides a fast, targeted security analysis for developers looking for immediate feedback without running a full-scale review. By integrating Codacy CLI v2 with context-aware AI analysis, it identifies vulnerabilities like SQL injection, hardcoded secrets, and XSS in specific code changes. It is particularly effective for pre-commit checks and pull request reviews, utilizing project-specific profiles to apply language and framework-specific security patterns while offering automated remediation for supported issues.

主な機能

01Automated remediation support for supported issues via the --fix flag

02Context-aware analysis using project-specific security profiles

03Actionable reporting with severity levels and specific remediation steps

040 GitHub stars

05Targeted scans for specific files, git staged changes, or individual commits

06Comprehensive secret scanning for AWS keys, GitHub tokens, and API credentials

ユースケース

01Validating staged changes for security vulnerabilities before committing code

02Reviewing specific files or pull requests for security risks during the PR process

03Auditing specific historical commits for potential security regressions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jaimefjorge/codacy-plugin quick-scan

For use in Claude.ai and ChatGPT

主な機能

01Automated remediation support for supported issues via the --fix flag

02Context-aware analysis using project-specific security profiles

03Actionable reporting with severity levels and specific remediation steps

040 GitHub stars

05Targeted scans for specific files, git staged changes, or individual commits

06Comprehensive secret scanning for AWS keys, GitHub tokens, and API credentials

ユースケース

01Validating staged changes for security vulnerabilities before committing code

02Reviewing specific files or pull requests for security risks during the PR process

03Auditing specific historical commits for potential security regressions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jaimefjorge/codacy-plugin quick-scan

For use in Claude.ai and ChatGPT