Does this skill modify my code to fix vulnerabilities?

No, this is a read-only analysis tool. It identifies risks and provides remediation advice, but it never modifies your source code directly.

How does it handle false positives in security reports?

The skill includes a validation step where findings are analyzed in context to eliminate obvious false positives, such as dummy passwords found in test files.

Which programming languages does the Security Scan skill support?

The skill automatically detects and scans projects written in Python, JavaScript, TypeScript, Go, Java, PHP, and Ruby, adapting its patterns to the detected language.

Can I scan a specific subdirectory instead of the whole project?

Yes, you can limit the scan to a specific folder by providing an optional path, for example: /security-scan ./src/backend.

Security Scan

Name: Security Scan
Author: eroslifestyle

byeroslifestyle

0•

보안 및 테스팅

Conducts comprehensive OWASP-style security audits to identify and remediate vulnerabilities within your codebase.

The Security Scan skill empowers developers to proactively secure their applications by performing automated, multi-language vulnerability assessments based on OWASP guidelines. By scanning for critical issues like hardcoded secrets, SQL injection, and cross-site scripting (XSS), it provides a prioritized findings report with actionable remediation steps. It leverages parallel processing for efficiency and integrates with local security rules to ensure a thorough, context-aware analysis of your project's security posture without modifying your source code.

주요 기능

01Dependency analysis for insecure or unpinned package versions

02Parallelized Grep scanning for hardcoded secrets, SQLi, and XSS

03Customizable rules via local security.md configuration files

04Detailed reporting with severity levels and actionable code snippets

05Automated OWASP-style vulnerability detection across multiple languages

060 GitHub stars

사용 사례

01Automating routine security checks during the development lifecycle

02Auditing legacy repositories or third-party code for hidden risks

03Pre-release security audits to catch vulnerabilities before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add eroslifestyle/claude-orchestrator-plugin security-scan

For use in Claude.ai and ChatGPT

주요 기능

01Dependency analysis for insecure or unpinned package versions

02Parallelized Grep scanning for hardcoded secrets, SQLi, and XSS

03Customizable rules via local security.md configuration files

04Detailed reporting with severity levels and actionable code snippets

05Automated OWASP-style vulnerability detection across multiple languages

060 GitHub stars

사용 사례

01Automating routine security checks during the development lifecycle

02Auditing legacy repositories or third-party code for hidden risks

03Pre-release security audits to catch vulnerabilities before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add eroslifestyle/claude-orchestrator-plugin security-scan

For use in Claude.ai and ChatGPT