Can this skill be used in CI/CD workflows?

While designed for Claude Code, its structured JSON output and script-based execution make it ideal for integration into automated security gates and deployment pipelines.

Does it provide actionable fixes?

Yes, every generated report includes a prioritized recommendation list to help developers address vulnerabilities based on their severity level.

What vulnerabilities does this skill detect?

It specifically scans for hardcoded secrets, credentials, command injection, path injection, and common security flaws aligned with the OWASP Top 10.

How is the security risk score calculated?

The skill uses a deterministic scoring system ranging from 0 to 10 based on the severity and exploitability of the detected patterns.

PopKit Security Assessment

Name: PopKit Security Assessment
Author: jrc1883

byjrc1883

0•

Security & Testing

Validates software security posture through automated secret scanning and OWASP-aligned vulnerability patterns.

The PopKit Security Assessment skill provides a comprehensive audit framework for identifying vulnerabilities within plugins and codebases. By leveraging automated scripts for secret detection and injection scanning, alongside machine-readable OWASP checklists, it offers a deterministic approach to software security. This skill is essential for developers who need to generate reproducible security reports, calculate risk scores, and ensure compliance with industry standards before code hits production.

Key Features

01JSON-based reporting with prioritized remediation steps

02Deterministic risk scoring and severity classification

03Automated secret and credential leak scanning

04OWASP Top 10 aligned security checklists

05Injection pattern detection for commands and paths

060 GitHub stars

Use Cases

01Benchmarking project security against OWASP standards

02Scanning source code for accidentally hardcoded API keys

03Performing a pre-release security audit on new plugins

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jrc1883/popkit-claude pop-assessment-security

For use in Claude.ai and ChatGPT

Download Skill