Can this skill automatically fix security vulnerabilities?

Yes, if a critical or high-severity issue is found, the skill enters a self-correction loop to identify the cause, apply a fix, and re-run the scan.

Does it support OWASP Top 10 compliance?

Yes, the agent is configured to be aware of and actively avoid the OWASP Top 10 vulnerabilities during the code generation and auditing phases.

What scanning tools does the Security Auditor skill use?

The skill utilizes npm audit and Semgrep for Node.js projects, and pip-audit and Bandit for Python environments to provide comprehensive coverage.

Where does this skill fit in a standard workflow?

It is designed to run as a dedicated gate (Gate 2.5) after automated testing but before final browser verification or deployment.

Security Auditor

Name: Security Auditor
Author: kimhons

bykimhons

•

セキュリティとテスト

Integrates a mandatory security verification gate into the development pipeline to detect and remediate vulnerabilities autonomously.

The Security Auditor skill establishes a non-negotiable security gate within the Claude Code verification pipeline, ensuring that no code is committed with critical or high-risk vulnerabilities. By leveraging industry-standard tools like Semgrep, Bandit, and dependency auditors for both Node.js and Python environments, it automatically scans for security flaws and enforces OWASP Top 10 compliance. When issues are detected, the skill initiates a self-correction loop, attempting to fix the code or upgrade dependencies before proceeding, making it essential for production-level AI development.

主な機能

01Real-time dependency auditing for Node.js and Python projects

021 GitHub stars

03Native awareness of OWASP Top 10 security principles

04Mandatory security gates that block critical and high-severity issues

05Automated SAST scanning using Semgrep and Bandit

06Autonomous self-correction loop for fixing detected vulnerabilities

ユースケース

01Identifying and fixing common web vulnerabilities like SQL injection and SSRF

02Preventing the introduction of vulnerable dependencies into production environments

03Enforcing secure coding standards automatically during agentic development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add kimhons/ralph-loop-ultra security-auditor

For use in Claude.ai and ChatGPT

Download Skill