Does this skill require the GitHub CLI?

Yes, this skill utilizes the 'gh' CLI to fetch alerts directly from the GitHub API and to verify CI/CD status.

Can I use this for bulk remediation?

Absolutely. The skill includes logic to group alerts by rule ID and severity, allowing Claude to apply batch fixes for recurring issues across the entire repository.

What types of alerts can this skill handle?

It is designed to address a variety of CodeQL alerts, specifically focusing on stack trace exposure, SQL injection vulnerabilities, empty exception blocks, and unused local variables in Python and JavaScript/TypeScript.

Does it support structured logging?

Yes, it specifically promotes the use of structured logging (like structlog) to replace dangerous practices such as returning raw exception strings to users.

How does it ensure that security fixes don't break the build?

The workflow includes mandatory local verification steps, such as running 'pnpm build --force', 'pytest', and 'ruff check', to ensure all changes pass existing quality gates before committing.

GitHub Security Fixer

Name: GitHub Security Fixer
Author: bigandslow

bybigandslow

0•

보안 및 테스팅

Automates the identification, analysis, and remediation of GitHub CodeQL security alerts to maintain high code quality and security standards.

The GitHub Security Fixer skill enables Claude to systematically manage and resolve security vulnerabilities identified by GitHub's CodeQL analysis. It automates the end-to-end remediation workflow—from fetching open alerts via the GitHub API and grouping them by severity, to applying production-ready fixes for common issues like stack trace exposure, SQL injection patterns, and unused variables. By integrating automated linting with Ruff, structured logging with structlog, and rigorous local testing, this skill ensures that security patches are not only effective but also compliant with CI/CD requirements and documentation best practices.

주요 기능

01Standardized remediation patterns for Python, TypeScript, and JavaScript vulnerabilities

02Pre-commit verification workflows to ensure CI/CD pipeline success

03Automated GitHub CodeQL alert fetching and severity-based grouping

04Integration with Ruff and Mypy for automated linting and type-checking

05Structured logging implementation to prevent sensitive stack trace exposure

060 GitHub stars

사용 사례

01Rapidly resolving a backlog of security alerts during maintenance cycles

02Applying standardized error handling and logging across large monorepos

03Automating security debt reduction before major production releases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bigandslow/cproj github-security-fixer

For use in Claude.ai and ChatGPT

Download Skill