What types of vulnerabilities does this skill detect?

The skill covers the OWASP Top 10 (including SQL injection and XSS), hardcoded secrets (like AWS or GitHub tokens), dependency CVEs, and infrastructure misconfigurations in Docker or Terraform.

How does it handle secrets detection?

It scans all files—including code, configs, docs, and test fixtures—for high-entropy strings and known patterns matching common API keys and private tokens.

Can I use this for infrastructure-as-code (IaC)?

Yes, it specifically includes checks for Terraform, Ansible, and Docker to ensure least privilege, encryption, and image hardening.

Does it provide remediation advice?

Every finding includes a description of the risk, its impact, and specific remediation steps with code examples to fix the issue.

Security Audit & Hardening

Name: Security Audit & Hardening
Author: lgbarn

bylgbarn

•

セキュリティとテスト

Performs comprehensive security reviews of code, dependencies, and infrastructure to identify vulnerabilities and prevent data leaks.

The Security Audit skill transforms Claude into a proactive security engineer, providing systematic oversight across your entire project lifecycle. It enforces rigorous checks for OWASP Top 10 vulnerabilities, identifies hardcoded secrets across all file types, and audits dependencies for known CVEs. Beyond application code, it evaluates infrastructure-as-code templates—including Terraform, Docker, and Ansible—to ensure cloud environments and containers are hardened against attack. By categorizing findings by severity and providing actionable remediation steps, it ensures security is a non-negotiable gate in your development workflow.

主な機能

01Dependency auditing to identify and mitigate known CVE risks.

02Infrastructure-as-Code hardening for Docker, Terraform, and Ansible.

03Automated secrets detection for API keys, tokens, and sensitive credentials.

04Standardized security reporting with clear severity levels and remediation paths.

05Systematic OWASP Top 10 vulnerability assessment for all code changes.

0638 GitHub stars

ユースケース

01Scanning configuration files and CI/CD pipelines for exposed secrets or insecure permissions.

02Conducting pre-merge security reviews to catch vulnerabilities before they reach production.

03Auditing container images and cloud infrastructure templates for security best practices.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lgbarn/shipyard security-audit

For use in Claude.ai and ChatGPT

Download Skill