What is included in the security report?

The skill generates a markdown report containing an executive summary, a breakdown of findings by severity (Critical to Low), and prioritized remediation recommendations.

Can it identify specific web vulnerabilities?

Yes, the manual audit protocol is designed to detect OWASP Top 10 risks such as SQL injection, XSS, broken access control, and insecure deserialization.

How does the secret detection mechanism work?

The skill uses PreToolUse hooks to automatically scan content for API keys, tokens, and private keys using regex patterns before any file is written or edited.

Which files are protected by this skill?

The skill monitors and warns against the modification of critical files including package-lock.json, poetry.lock, .env files, and Git internal directories.

Auditing & Security

Name: Auditing & Security
Author: Git-Fg

byGit-Fg

•

Security & Testing

Scans code for sensitive secrets and performs comprehensive security audits to prevent vulnerabilities and data leaks.

The Auditing & Security skill transforms Claude into a proactive security auditor, providing essential safeguards during the development lifecycle. It features automated hooks that scan for exposed API keys, tokens, and private keys whenever code is edited, while simultaneously protecting sensitive files like environment variables and dependency lock files from accidental modification. Beyond automated checks, it implements a rigorous manual audit protocol to detect OWASP Top 10 vulnerabilities, command injection vectors, and security anti-patterns, culminating in a structured report with prioritized remediation steps.

Key Features

01Automated secret detection for API keys, tokens, and private keys

02Detection of security anti-patterns and unsafe code execution

031 GitHub stars

04Protective warnings for sensitive files like .env and lock files

05Structured security reporting with severity-ranked findings

06Comprehensive OWASP Top 10 vulnerability scanning

Use Cases

01Auditing legacy projects for hardcoded credentials and outdated practices

02Verifying the security of code changes before committing to a repository

03Protecting critical configuration files from accidental corruption or exposure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add git-fg/thecattoolkit auditing-security

For use in Claude.ai and ChatGPT

Download Skill