How do I run a manual scan on my existing code?

The skill includes an automation script that can be run via the command line to perform a full project scan with optional JSON reporting and severity-based failure flags.

Does this skill interfere with my coding workflow?

No, it runs silently in the background during the code generation process and only alerts you if a critical security issue cannot be automatically fixed.

Can it fix security issues automatically?

Yes, it provides automated fixes for several common problems, such as converting raw SQL to parameterized queries and moving exposed secrets to environment variables.

What kind of vulnerabilities can it detect?

It checks for common OWASP Top 10 risks including SQL injection, hardcoded secrets, insecure authentication, lack of input validation, and missing security headers.

Automated OWASP Security Check

Name: Automated OWASP Security Check
Author: timequity

bytimequity

Security & Testing

Automates OWASP-aligned security audits and vulnerability remediation on all AI-generated code.

About

This skill acts as a silent guardian for your codebase, automatically performing comprehensive OWASP security validations every time Claude generates code. It proactively scans for common vulnerabilities such as SQL injection, hardcoded secrets, and improper authentication patterns, offering automated fixes for identified risks. By integrating directly into the generation pipeline, it ensures that security is never an afterthought, blocking only the most critical unfixable issues while silently hardening your application's security posture in the background.

Key Features

0 GitHub stars
Integrated CLI tool for manual project-wide security audits
Automated OWASP vulnerability scanning on every code generation
Comprehensive checks for authentication, authorization, and data exposure
Silent background execution for a seamless developer experience
Real-time remediation for issues like raw SQL and exposed secrets

Use Cases

Enforcing consistent security headers and session management patterns across microservices
Validating AI-generated backend logic to prevent SQL injection and unsafe code execution
Scanning new features for hardcoded API keys or sensitive data exposure before commits

About

Key Features

0 GitHub stars
Integrated CLI tool for manual project-wide security audits
Automated OWASP vulnerability scanning on every code generation
Comprehensive checks for authentication, authorization, and data exposure
Silent background execution for a seamless developer experience
Real-time remediation for issues like raw SQL and exposed secrets

Use Cases

Enforcing consistent security headers and session management patterns across microservices
Validating AI-generated backend logic to prevent SQL injection and unsafe code execution
Scanning new features for hardcoded API keys or sensitive data exposure before commits