How does the dependency audit work?

The skill parses files like requirements.txt or package.json and runs them against known CVE databases using tools like pip-audit and npm audit.

Does it provide code fixes for identified issues?

Yes, every finding includes a description of the risk, specific remediation steps, and code examples for implementing the fix.

What languages are supported for security analysis?

While secrets detection is language-agnostic, the skill includes specialized logic and tools for Python and JavaScript/Node.js projects.

Can this skill find leaked API keys?

Yes, it uses advanced regex patterns to identify accidentally committed keys for AWS, Stripe, GCP, and other common service providers.

Security Scanning

Name: Security Scanning
Author: eyadsibai

byeyadsibai

0•

보안 및 테스팅

Performs automated security audits to detect hardcoded secrets, OWASP vulnerabilities, and insecure dependency versions in codebases.

The Security Scanning skill transforms Claude into an automated security auditor, enabling deep analysis of codebases for critical risks such as exposed API keys, SQL injection, and vulnerable dependencies. It leverages specialized search patterns and dependency auditing tools to identify security anti-patterns and OWASP Top 10 vulnerabilities, providing developers with clear severity ratings and actionable remediation steps to strengthen their application's security posture before deployment.

주요 기능

01Automated secrets and credential detection for API keys and tokens

020 GitHub stars

03OWASP Top 10 vulnerability scanning (XSS, SQLi, Command Injection)

04Identification of weak cryptographic patterns and insecure defaults

05Comprehensive remediation guidance with severity classification

06Dependency auditing for Python (pip-audit) and Node.js (npm audit)

사용 사례

01Auditing third-party dependencies for known CVEs and outdated packages

02Identifying cross-site scripting (XSS) or SQL injection risks in web application code

03Scanning a repository for hardcoded credentials or private keys before a public release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add eyadsibai/ltk security-scanning

For use in Claude.ai and ChatGPT

Download Skill