Can this skill fix security issues automatically?

Yes, it provides auto-fix suggestions to convert plain-text values to secret references and adds missing scopes to sensitive components.

Does it support cloud-specific security features?

Yes, it specifically flags connection strings in favor of Azure Managed Identity and checks for mTLS and ACL compliance.

How does the Dapr Security Scanner identify hardcoded secrets?

It scans value fields in component YAMLs for patterns matching passwords, tokens, and keys, recommending the use of secretKeyRef instead.

When should I run the security scan?

It is best used whenever component files are modified, during code reviews, or as a final check before production deployment.

Dapr Security Scanner

Name: Dapr Security Scanner
Author: Sahib-Sawhney-WH

bySahib-Sawhney-WH

•

Security & Testing

Audits Dapr component configurations for security vulnerabilities, hardcoded secrets, and compliance with infrastructure best practices.

About

The Dapr Security Scanner skill empowers developers to proactively secure their distributed applications by identifying high-risk configurations in Dapr component YAML files. It automatically detects plain-text secrets, missing access control lists (ACLs), and unencrypted communication settings, while providing actionable recommendations like migrating to managed identities or secret store references. Whether used during local development or integrated into CI/CD pipelines, this skill ensures that microservices infrastructure remains resilient and compliant with production-grade security standards.

Key Features

Integrated auto-fix suggestions for common configuration errors
Validation of component scopes and secret store references
Audit of mTLS settings, ACL configurations, and resiliency policies
Recommendations for Azure Managed Identity and secure connection strings
Automated plain-text secret and hardcoded credential detection
3 GitHub stars

Use Cases

Automating security compliance checks in CI/CD pipelines
Pre-deployment security audits for Dapr microservices
Real-time configuration linting during component YAML modification

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sahib-sawhney-wh/sahibs-claude-plugin-marketplace security-scanner

For use in Claude.ai and ChatGPT

Download Skill

GitHub