What types of vulnerabilities does it detect?

It identifies OWASP Top 10 flaws, CWE weaknesses, exposed API keys/credentials, and known vulnerabilities (CVEs) in your software dependencies.

Does this replace manual security reviews?

While it provides comprehensive automated coverage and significantly speeds up the process, it is best used as a robust first line of defense alongside professional human oversight.

Can I run a security review on specific files or changes?

Yes, you can target specific directories, staged git changes using the --staged flag, or Pull Request diffs with the --pr flag.

How does the Security Review skill work?

It orchestrates three specialized agents—an Auditor, a Secrets Scanner, and a Dependency Checker—to run in parallel and provide a unified, synthesized security report.

Comprehensive Security Review

Name: Comprehensive Security Review
Author: melodic-software

bymelodic-software

•

Security & Testing

Conducts exhaustive security audits by orchestrating code analysis, secrets scanning, and dependency vulnerability checks in parallel.

This skill provides a centralized command for automated security validation within the Claude Code environment. By orchestrating three specialized security agents—the Security Auditor, Secrets Scanner, and Dependency Checker—it performs parallel analysis of source code for OWASP vulnerabilities, hardcoded credentials, and known CVEs. It is particularly effective for pre-commit checks, pull request reviews, and periodic security posture assessments, delivering a unified report with a prioritized remediation plan to ensure code safety and compliance.

Key Features

01Deep code analysis focusing on OWASP Top 10 and CWE weaknesses

02Synthesized reporting with executive summaries and prioritized remediation steps

0338 GitHub stars

04Automated identification of hardcoded secrets, API keys, and credentials

05Dependency auditing for known vulnerabilities and CVSS-scored CVEs

06Parallel orchestration of specialized security agents for maximum efficiency

Use Cases

01Periodic full-project security audits to maintain a high security posture

02Automated security reviews for Pull Requests to catch vulnerabilities before merging

03Pre-commit security scanning of staged changes to prevent sensitive data leaks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins review

For use in Claude.ai and ChatGPT

Download Skill