Can it identify supply chain risks in my dependencies?

Yes, it includes specific patterns to detect typosquatting, dependency confusion, and red flags in install scripts for popular package managers like npm and pip.

What code quality metrics does it monitor?

The skill flags architectural issues such as high cyclomatic complexity (over 10), excessive nesting depth, and long functions to ensure the codebase remains maintainable.

How does this skill help with application security?

It uses the OWASP Top 10 framework to scan for vulnerabilities like SQL injection, XSS, and broken access control while providing 'Good vs Bad' code patterns for immediate remediation.

Does it cover infrastructure and container security?

Absolutely. The skill includes audits for Dockerfiles (root users, pinning), Docker Compose, and Cloud IAM policies to ensure least-privilege access and secure configurations.

Is it compatible with GitHub Actions?

Yes, it provides specific auditing patterns for GitHub Actions, focusing on pinning actions to commit SHAs and preventing secret leakage in logs.

Code Review Patterns & Security Audit

Name: Code Review Patterns & Security Audit
Author: Serendeep

bySerendeep

0•

보안 및 테스팅

Performs rigorous security audits and code quality reviews using OWASP standards, Clean Code principles, and supply chain integrity checks.

This skill equips Claude with a comprehensive framework for conducting high-quality code reviews, focusing on security vulnerabilities, maintainability, and infrastructure safety. It provides detailed reference materials for the OWASP Top 10, common injection patterns (SQL, XSS, Command), and software supply chain threats like typosquatting and dependency confusion. Beyond security, it enforces actionable metrics for cyclomatic complexity and Clean Code principles. Whether auditing Dockerfiles, IAM policies, or GitHub Actions, this skill ensures that every pull request meets enterprise-grade standards for safety, performance, and long-term maintainability.

주요 기능

01Infrastructure-as-Code (IaC) hardening for Docker and Cloud environments (AWS/GCP/Azure)

02Supply chain security audits for npm, PyPI, and Cargo dependencies

03CI/CD pipeline security checks for GitHub Actions and secret hygiene

04OWASP Top 10 vulnerability identification and remediation guidance

05Clean code metric analysis including cyclomatic and cognitive complexity thresholds

060 GitHub stars

사용 사례

01Hardening container and cloud configurations against common misconfigurations and SSRF

02Automated security auditing of new feature pull requests before deployment

03Refactoring legacy codebases to reduce technical debt and complexity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add serendeep/dotfiles code-review-patterns

For use in Claude.ai and ChatGPT

주요 기능

01Infrastructure-as-Code (IaC) hardening for Docker and Cloud environments (AWS/GCP/Azure)

02Supply chain security audits for npm, PyPI, and Cargo dependencies

03CI/CD pipeline security checks for GitHub Actions and secret hygiene

04OWASP Top 10 vulnerability identification and remediation guidance

05Clean code metric analysis including cyclomatic and cognitive complexity thresholds

060 GitHub stars

사용 사례

01Hardening container and cloud configurations against common misconfigurations and SSRF

02Automated security auditing of new feature pull requests before deployment

03Refactoring legacy codebases to reduce technical debt and complexity