Does it perform dynamic analysis or penetration testing?

It primarily focuses on static analysis, configuration review, and dependency scanning, though it can trigger Go's race detector and other CLI-based security tools.

Is this skill specific to the Tunnox project?

While originating from Tunnox Core, its methodology and security checks are highly effective for any Go-based backend service or network-related application.

Can it help with compliance reporting?

Yes, it includes professional templates for documenting high, medium, and low severity issues, making it easier to generate structured audit reports for stakeholders.

How does this skill detect security vulnerabilities?

It uses a combination of targeted grep commands, pattern analysis, and predefined security checklists to identify risks like hardcoded secrets, weak encryption, and improper input validation.

Can it automatically fix the vulnerabilities it finds?

The skill provides specific remediation suggestions and code examples. Once a vulnerability is identified, you can direct Claude to apply the suggested fixes directly to your files.

Security Audit & Hardening

Name: Security Audit & Hardening
Author: tunnox-net

bytunnox-net

•

セキュリティとテスト

Conducts comprehensive security audits for backend systems to identify vulnerabilities in authentication, encryption, and access control.

概要

This skill empowers Claude to perform deep-dive security assessments of codebase architectures, specifically optimized for networked tunnel systems and Go-based services. It provides structured workflows for auditing JWT implementations, TLS configurations, data encryption standards (like AES-256-GCM), and infrastructure safety. By combining automated grep-based vulnerability scanning with manual logic review, it helps developers detect hardcoded secrets, insecure random number generation, and potential injection points while providing actionable remediation templates and professional audit reports.

主な機能

Automated JWT and authentication mechanism verification
4 GitHub stars
Deep scanning for hardcoded credentials and sensitive data leaks
Input validation audit for SQL, Command, and Path injection risks
Cryptographic standards review including TLS and AES-GCM configurations
Standardized security report generation with CVSS-style prioritization

ユースケース

Pre-release security verification for networking or tunnel-based applications
Identifying and remediating weak cryptographic implementations in Go projects
Generating professional security audit reports for compliance or internal code reviews

概要

主な機能

Automated JWT and authentication mechanism verification
4 GitHub stars
Deep scanning for hardcoded credentials and sensitive data leaks
Input validation audit for SQL, Command, and Path injection risks
Cryptographic standards review including TLS and AES-GCM configurations
Standardized security report generation with CVSS-style prioritization

ユースケース

Pre-release security verification for networking or tunnel-based applications
Identifying and remediating weak cryptographic implementations in Go projects
Generating professional security audit reports for compliance or internal code reviews