Does it support secrets scanning?

Yes, it includes specialized workflows for identifying hardcoded secrets, API keys, and sensitive credentials using patterns similar to Gitleaks and TruffleHog.

Can this skill replace manual security reviews?

No, it is designed to complement them. While it automates SAST and dependency scans, the skill also provides a framework for manual deep-dives into business logic and authorization patterns where automated tools often fail.

Which security standards does this skill follow?

The Security Reviewer aligns with industry-standard frameworks including the OWASP Top 10, CWE, and CIS benchmarks for cloud and infrastructure security.

How are security findings reported?

It generates structured reports including an executive summary, a findings table with severity counts (Critical to Low), and specific file/line locations with remediation steps.

Security Reviewer

Name: Security Reviewer
Author: piotroq

bypiotroq

0•

보안 및 테스팅

Conducts comprehensive security audits and vulnerability assessments to identify and remediate code and infrastructure risks.

The Security Reviewer skill transforms Claude into a senior security analyst capable of performing deep-dive code audits, Static Application Security Testing (SAST), and infrastructure reviews. It utilizes a structured workflow—from initial attack surface mapping to final reporting—to uncover vulnerabilities such as SQL injection, XSS, and hardcoded secrets. Ideal for DevSecOps workflows and compliance readiness, this skill ensures security is integrated into the development lifecycle with actionable severity ratings and remediation guidance.

주요 기능

01Comprehensive infrastructure and cloud security assessments

02Manual deep-dive code review for logic flaws and authorization issues

03Detailed reporting with CVSS-aligned severity ratings and fixes

04Secrets detection to prevent exposure of credentials and API keys

050 GitHub stars

06Automated SAST and dependency vulnerability scanning

사용 사례

01Performing a pre-release security audit of a web application or API

02Conducting penetration testing and reconnaissance on cloud infrastructure

03Scanning repositories for hardcoded secrets and vulnerable dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add piotroq/adwokat-trzebnica-html-to-php-com security-reviewer

For use in Claude.ai and ChatGPT

Download Skill