Can it identify supply chain risks in my dependencies?

Yes, it includes specific patterns to detect typosquatting, dependency confusion, and red flags in install scripts for popular package managers like npm and pip.

What code quality metrics does it monitor?

The skill flags architectural issues such as high cyclomatic complexity (over 10), excessive nesting depth, and long functions to ensure the codebase remains maintainable.

How does this skill help with application security?

It uses the OWASP Top 10 framework to scan for vulnerabilities like SQL injection, XSS, and broken access control while providing 'Good vs Bad' code patterns for immediate remediation.

Does it cover infrastructure and container security?

Absolutely. The skill includes audits for Dockerfiles (root users, pinning), Docker Compose, and Cloud IAM policies to ensure least-privilege access and secure configurations.

Is it compatible with GitHub Actions?

Yes, it provides specific auditing patterns for GitHub Actions, focusing on pinning actions to commit SHAs and preventing secret leakage in logs.

Code Review Patterns & Security Audit

Name: Code Review Patterns & Security Audit
Author: Serendeep

bySerendeep

Security & Testing

Performs rigorous security audits and code quality reviews using OWASP standards, Clean Code principles, and supply chain integrity checks.

About

This skill equips Claude with a comprehensive framework for conducting high-quality code reviews, focusing on security vulnerabilities, maintainability, and infrastructure safety. It provides detailed reference materials for the OWASP Top 10, common injection patterns (SQL, XSS, Command), and software supply chain threats like typosquatting and dependency confusion. Beyond security, it enforces actionable metrics for cyclomatic complexity and Clean Code principles. Whether auditing Dockerfiles, IAM policies, or GitHub Actions, this skill ensures that every pull request meets enterprise-grade standards for safety, performance, and long-term maintainability.

Key Features

Infrastructure-as-Code (IaC) hardening for Docker and Cloud environments (AWS/GCP/Azure)
Supply chain security audits for npm, PyPI, and Cargo dependencies
CI/CD pipeline security checks for GitHub Actions and secret hygiene
OWASP Top 10 vulnerability identification and remediation guidance
Clean code metric analysis including cyclomatic and cognitive complexity thresholds
0 GitHub stars

Use Cases

Hardening container and cloud configurations against common misconfigurations and SSRF
Automated security auditing of new feature pull requests before deployment
Refactoring legacy codebases to reduce technical debt and complexity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add serendeep/dotfiles code-review-patterns

For use in Claude.ai and ChatGPT

Download Skill

GitHub