How does the security scanner find hardcoded secrets?

It uses advanced pattern matching and Grep-based regex searches to identify common API key formats for services like AWS, GitHub, Slack, and Stripe, as well as private keys and database strings.

Which programming languages does this skill support?

It is largely language-agnostic, using pattern matching for source code and standard package manager audit tools like npm audit, pip-audit, and cargo audit for dependency checks.

Does this replace manual security reviews?

While highly effective at catching common flaws and patterns, it is best used as an automated first line of defense within your SDLC alongside professional security audits.

Can it fix the vulnerabilities it finds?

Yes, the skill provides specific auto-fix suggestions and code refactors for common issues like SQL injection, XSS, and insecure cryptographic implementations.

Security Scanner & Vulnerability Auditor

Name: Security Scanner & Vulnerability Auditor
Author: GLINCKER

byGLINCKER

•

보안 및 테스팅

Conducts automated security audits to identify vulnerabilities, hardcoded secrets, and OWASP Top 10 risks in your codebase.

The Security Scanner skill empowers Claude to act as an automated security engineer within your development environment. It systematically scans your repository for critical security flaws including exposed API keys, SQL injection points, and cross-site scripting (XSS) vulnerabilities. By leveraging integrated tools like Grep and shell-based dependency auditors, it provides a comprehensive report of risks—categorized by severity—alongside actionable auto-fix suggestions and secure coding patterns to ensure your application meets production-grade security standards.

주요 기능

01Integration with dependency audit tools like npm, pip, and cargo

0214 GitHub stars

03Actionable auto-fix suggestions and secure refactoring patterns

04Deep scanning for SQL, OS Command, and XSS injection vulnerabilities

05Comprehensive OWASP Top 10 compliance reporting with severity categorization

06Automated detection of hardcoded secrets and API keys (AWS, GitHub, Slack, etc.)

사용 사례

01Running a pre-commit security check to prevent sensitive data leaks in repositories

02Performing a comprehensive OWASP Top 10 audit before a production release

03Identifying and remediating vulnerable third-party dependencies in legacy projects

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add glincker/claude-code-marketplace security

For use in Claude.ai and ChatGPT

Download Skill