Should I use this for general code reviews?

No, this skill is specialized for security. For general logic, style, and performance reviews, you should use the standard code-reviewer skill.

Can it detect vulnerabilities in project dependencies?

Yes, it integrates with tools like npm audit to analyze direct and transitive dependencies for known CVEs and recommends upgrade paths.

What security standards does this skill follow?

The Security Auditor skill primarily adheres to the OWASP Top 10 (2021+) standards, covering common web vulnerabilities like Injection, Broken Access Control, and SSRF.

How do I trigger a security scan in Claude Code?

You can trigger the skill by using phrases such as 'check security', 'security audit', 'find vulnerabilities', or 'проверь безопасность'.

Does it provide code to fix the issues it finds?

Yes, for every vulnerability identified, the skill provides a clear explanation of the attack vector and includes secure code snippets for implementation.

Security Auditor

Name: Security Auditor
Author: servitola

byservitola

•

セキュリティとテスト

Performs comprehensive security audits and vulnerability assessments based on OWASP Top 10 standards to secure application code.

The Security Auditor skill transforms Claude into an elite security consultant capable of conducting deep-dive vulnerability assessments. It systematically scans codebases for critical risks including SQL injection, cross-site scripting (XSS), broken authentication, and insecure cryptographic implementations. By analyzing data flows and trust boundaries, it provides a prioritized risk report with actionable remediation steps, secure code examples, and dependency analysis, making it an essential tool for hardening applications before they reach production.

主な機能

01OWASP Top 10 vulnerability scanning and mitigation

02Comprehensive data flow analysis and input validation checks

03Automated dependency analysis and npm audit integration

04Prioritized risk assessment from Critical to Low severity

0512 GitHub stars

06Detection of hardcoded secrets, API keys, and credentials

ユースケース

01Automated auditing of third-party dependencies for known CVEs

02Hardening authentication and authorization logic in sensitive modules

03Pre-deployment security reviews for web and API services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add servitola/dotfiles security-auditor

For use in Claude.ai and ChatGPT

主な機能

01OWASP Top 10 vulnerability scanning and mitigation

02Comprehensive data flow analysis and input validation checks

03Automated dependency analysis and npm audit integration

04Prioritized risk assessment from Critical to Low severity

0512 GitHub stars

06Detection of hardcoded secrets, API keys, and credentials

ユースケース

01Automated auditing of third-party dependencies for known CVEs

02Hardening authentication and authorization logic in sensitive modules

03Pre-deployment security reviews for web and API services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add servitola/dotfiles security-auditor

For use in Claude.ai and ChatGPT