What types of vulnerabilities does this skill detect?

The skill detects OWASP Top 10 vulnerabilities including XSS, SQL injection, broken access control, hardcoded secrets (API keys/AWS tokens), and unsafe Next.js configurations.

Does it support React and Next.js security patterns?

Yes, it specifically monitors for React-specific risks like dangerouslySetInnerHTML and ensures Next.js Server Actions use proper data validation.

Does it provide suggestions on how to fix security issues?

Yes, every detected vulnerability includes a risk explanation and a specific code snippet showing how to remediate the issue using best practices.

Is this a replacement for professional penetration testing?

No. This is a static analysis tool for rapid development cycles. While it catches common errors, it should be used alongside runtime testing and professional audits.

Can I scan specific parts of my project?

Absolutely. You can define the scan scope to include only the frontend, the backend, a specific file, or the entire project directory.

Security Scanner

Name: Security Scanner
Author: physics91

byphysics91

セキュリティとテスト

Identifies OWASP Top 10 vulnerabilities, hardcoded secrets, and XSS risks to ensure codebase security and compliance.

概要

The Security Scanner skill is a specialized auditing tool for Claude Code that automates the detection of critical web application vulnerabilities. By aligning with OWASP Top 10 standards, it systematically analyzes code for XSS injections, hardcoded API keys, authentication failures, and unsafe data handling. It provides developers with a structured vulnerability report categorized by severity, complete with actionable remediation steps and code examples to secure frontend and backend implementations before they reach production.

主な機能

Categorized security reports with CRITICAL to LOW severity levels
0 GitHub stars
Specific security rules for Next.js Server Actions and React components
Automated scanning for hardcoded secrets and API keys
OWASP Top 10 vulnerability detection including XSS and SQLi
Customizable scan scopes for frontend, backend, or full-project audits

ユースケース

Auditing pull requests for accidentally committed credentials or tokens
Hardening web applications against Cross-Site Scripting (XSS) and CSRF
Conducting pre-production security reviews to prevent data breaches

概要

主な機能

Categorized security reports with CRITICAL to LOW severity levels
0 GitHub stars
Specific security rules for Next.js Server Actions and React components
Automated scanning for hardcoded secrets and API keys
OWASP Top 10 vulnerability detection including XSS and SQLi
Customizable scan scopes for frontend, backend, or full-project audits

ユースケース

Auditing pull requests for accidentally committed credentials or tokens
Hardening web applications against Cross-Site Scripting (XSS) and CSRF
Conducting pre-production security reviews to prevent data breaches