How does it handle the OWASP Top 10?

It provides specific code patterns, detection scripts, and secure alternatives for major vulnerabilities like SQL Injection, XSS, and Broken Access Control.

Can it audit my server configurations?

Yes, it includes checklists for security headers (HSTS, CSP, X-Frame-Options) and common web framework misconfigurations.

Does this skill support multiple programming languages?

Yes, it includes detection patterns and tool configurations for JavaScript, Python, Java, PHP, and Ruby on Rails.

Can it help me find hardcoded secrets?

Yes, it provides methodologies for using tools like Gitleaks and TruffleHog to detect API keys, tokens, and PEM files in your repository.

Vulnerability Detection & Security Audit

Name: Vulnerability Detection & Security Audit
Author: cyperx84

bycyperx84

•

セキュリティとテスト

Identifies and remediates security vulnerabilities across application code, dependencies, and infrastructure using systematic assessment methodologies.

概要

This skill transforms Claude into a security expert focused on comprehensive vulnerability detection and risk assessment. It provides a structured framework for auditing applications, covering everything from initial reconnaissance and automated scanning with tools like Semgrep and Snyk to deep manual code reviews based on the OWASP Top 10. Whether you are securing authentication flows, preventing SQL injection, or scanning for hardcoded secrets, this skill provides the specific detection patterns and remediation strategies necessary to harden production environments and prevent exploits.

主な機能

Secret detection for hardcoded API keys and credentials
OWASP Top 10 identification including SQLi, XSS, and CSRF
2 GitHub stars
Static Analysis Security Testing (SAST) integration patterns
Security configuration auditing for CORS and HSTS headers
Automated dependency scanning workflows for Node.js and Python

ユースケース

Conducting a comprehensive security audit of a legacy codebase
Remediating broken access control and insecure direct object references
Automating security checks within a CI/CD pipeline or PR review