What security scanners are supported by this skill?

The skill supports popular security tools including Bandit for Python code analysis, Semgrep for general static analysis, and pip-audit or safety for dependency scanning.

Does this skill help with OWASP compliance?

Yes, it includes built-in guidance and checklists for the OWASP Top 10, helping developers mitigate risks like injection, broken access control, and sensitive data exposure.

How does this skill handle secret management?

It provides specific workflows for encrypting secrets and checking for leaked credentials in the codebase using tools like gitleaks during pre-commit checks.

When does the Security skill activate?

It auto-activates whenever security-related keywords are used, such as 'vulnerability', 'audit', 'encryption', 'OWASP', or when performing environment validations.

Security Compliance & Vulnerability Scanner

Name: Security Compliance & Vulnerability Scanner
Author: ByronWilliamsCPA

byByronWilliamsCPA

보안 및 테스팅

Automates security validation, vulnerability scanning, and compliance auditing to ensure secure software development cycles.

소개

This skill empowers Claude to perform deep security audits by integrating industry-standard tools directly into the development workflow. It provides automated workflows for environment validation, GPG/SSH key management, and secret encryption, while leveraging scanners like Bandit, Semgrep, and pip-audit to identify code-level vulnerabilities and dependency risks. By incorporating OWASP Top 10 considerations and rigorous pre-commit checklists, it ensures that security is a first-class citizen from the first line of code to the final release.

주요 기능

Dependency auditing with pip-audit and safety check for known CVEs
Secret encryption and management workflows to prevent data exposure
0 GitHub stars
Automated vulnerability scanning using Bandit and Semgrep static analysis
GPG and SSH environment validation for secure git signing
OWASP Top 10 compliance checking and remediation guidance

사용 사례

Conducting automated pre-commit security scans to catch vulnerabilities early
Configuring and validating secure development environments and key signing
Auditing project dependencies for security risks before a production release

소개

주요 기능

Dependency auditing with pip-audit and safety check for known CVEs
Secret encryption and management workflows to prevent data exposure
0 GitHub stars
Automated vulnerability scanning using Bandit and Semgrep static analysis
GPG and SSH environment validation for secure git signing
OWASP Top 10 compliance checking and remediation guidance

사용 사례

Conducting automated pre-commit security scans to catch vulnerabilities early
Configuring and validating secure development environments and key signing
Auditing project dependencies for security risks before a production release