What languages does the Security Scanner support?

It supports a wide range of popular languages including Python, JavaScript, Java, and Go, along with specialized scanning for configuration files like YAML, Terraform, and Dockerfiles.

Can it detect hardcoded API keys?

Yes, it utilizes high-entropy detection and pattern matching to identify AWS keys, GitHub tokens, Slack webhooks, private keys, and other sensitive credentials.

How does this skill save on token costs?

By offloading the scanning logic to optimized local Python scripts, it reduces token consumption by approximately 70% compared to asking the LLM to manually analyze every file.

Does it provide remediation advice?

Yes, every vulnerability report includes CWE references and specific remediation guidance to help developers fix security issues immediately.

Does it integrate with CI/CD pipelines?

Absolutely. The skill features a dedicated CI mode that can be configured to fail builds based on specific severity thresholds, such as blocking releases with 'Critical' vulnerabilities.

Security Scanner

Name: Security Scanner
Author: nikhillinit

bynikhillinit

0•

セキュリティとテスト

Performs automated security audits, secret detection, and vulnerability scanning across codebases, containers, and infrastructure.

The Security Scanner skill empowers Claude to identify and mitigate critical security risks within your development workflow. It provides a multi-layered defense strategy by combining Static Application Security Testing (SAST), real-time secret detection, OWASP Top 10 compliance checks, and Infrastructure as Code (IaC) validation. Whether you are conducting a pre-commit audit, scanning Docker containers, or verifying cloud configurations, this skill automates the detection of vulnerabilities and hardcoded credentials, providing actionable remediation guidance to ensure production-grade security and compliance.

主な機能

01Comprehensive SAST and OWASP Top 10 vulnerability detection

02High-entropy secret and credential scanning for API keys and tokens

03Infrastructure as Code (IaC) validation for Terraform, CloudFormation, and K8s

04Container security auditing for Dockerfiles and image configurations

05Dependency vulnerability analysis with CVE matching and license checks

060 GitHub stars

ユースケース

01Validating cloud infrastructure configurations against CIS benchmarks and compliance frameworks

02Running automated security gates during CI/CD pipelines to block vulnerable code

03Auditing legacy repositories for hardcoded secrets and outdated dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nikhillinit/updog_restore workflow-engine

For use in Claude.ai and ChatGPT

Download Skill