What languages does the Security Scanner support?

It supports a wide range of popular languages including Python, JavaScript, Java, and Go, along with specialized scanning for configuration files like YAML, Terraform, and Dockerfiles.

Can it detect hardcoded API keys?

Yes, it utilizes high-entropy detection and pattern matching to identify AWS keys, GitHub tokens, Slack webhooks, private keys, and other sensitive credentials.

How does this skill save on token costs?

By offloading the scanning logic to optimized local Python scripts, it reduces token consumption by approximately 70% compared to asking the LLM to manually analyze every file.

Does it provide remediation advice?

Yes, every vulnerability report includes CWE references and specific remediation guidance to help developers fix security issues immediately.

Does it integrate with CI/CD pipelines?

Absolutely. The skill features a dedicated CI mode that can be configured to fail builds based on specific severity thresholds, such as blocking releases with 'Critical' vulnerabilities.

Security Scanner

Name: Security Scanner
Author: nikhillinit

bynikhillinit

보안 및 테스팅

Performs automated security audits, secret detection, and vulnerability scanning across codebases, containers, and infrastructure.

소개

The Security Scanner skill empowers Claude to identify and mitigate critical security risks within your development workflow. It provides a multi-layered defense strategy by combining Static Application Security Testing (SAST), real-time secret detection, OWASP Top 10 compliance checks, and Infrastructure as Code (IaC) validation. Whether you are conducting a pre-commit audit, scanning Docker containers, or verifying cloud configurations, this skill automates the detection of vulnerabilities and hardcoded credentials, providing actionable remediation guidance to ensure production-grade security and compliance.

주요 기능

Comprehensive SAST and OWASP Top 10 vulnerability detection
High-entropy secret and credential scanning for API keys and tokens
Infrastructure as Code (IaC) validation for Terraform, CloudFormation, and K8s
Container security auditing for Dockerfiles and image configurations
Dependency vulnerability analysis with CVE matching and license checks
0 GitHub stars

사용 사례

Validating cloud infrastructure configurations against CIS benchmarks and compliance frameworks
Running automated security gates during CI/CD pipelines to block vulnerable code
Auditing legacy repositories for hardcoded secrets and outdated dependencies

소개

주요 기능

Comprehensive SAST and OWASP Top 10 vulnerability detection
High-entropy secret and credential scanning for API keys and tokens
Infrastructure as Code (IaC) validation for Terraform, CloudFormation, and K8s
Container security auditing for Dockerfiles and image configurations
Dependency vulnerability analysis with CVE matching and license checks
0 GitHub stars

사용 사례

Validating cloud infrastructure configurations against CIS benchmarks and compliance frameworks
Running automated security gates during CI/CD pipelines to block vulnerable code
Auditing legacy repositories for hardcoded secrets and outdated dependencies