Does it scan for exposed secrets?

Yes, it identifies exposed .env files and potential hardcoded secrets, flagging them for rotation without logging the actual sensitive values.

What is the TDD validation feature?

For every vulnerability, the skill generates three tests: one to prove the vulnerability exists, one to verify the remediation logic, and one to confirm the issue is resolved.

Can it fix the vulnerabilities it finds?

Yes, it generates actual code patches, version bump commands, and configuration fixes rather than just providing general recommendations.

What types of reports are generated?

It produces two distinct reports: a detailed technical report for developers and a high-level executive summary for project stakeholders.

How does this skill detect vulnerabilities?

It scans manifest files, container definitions, and IaC templates, then cross-references findings with live security databases like OSV.dev, CISA KEV, and NVD.

Security Analyzer

Name: Security Analyzer
Author: Cornjebus

byCornjebus

•

Security & Testing

Performs deep security vulnerability scans and provides automated, test-driven remediation plans for dependencies and infrastructure.

About

The Security Analyzer skill empowers Claude to identify and mitigate vulnerabilities across your entire stack, from package dependencies and secrets exposure to container configurations and Infrastructure as Code (IaC). By integrating real-time threat intelligence from OSV.dev and CISA KEV, it calculates sophisticated risk scores and moves beyond mere reporting by generating actual code patches accompanied by Test-Driven Development (TDD) validation tests to ensure every security fix is effective and production-ready.

Key Features

IaC and container security analysis for Terraform, CloudFormation, and Docker
TDD validation scripts for verifying vulnerabilities and their fixes
Real-time CVE data integration from OSV.dev and CISA KEV
Full-stack dependency scanning for npm, pip, go, cargo, and gem
3 GitHub stars
Automated risk scoring based on exploitability, exposure, and criticality

Use Cases

Hardening cloud infrastructure configurations against common security misalignments
Performing a comprehensive pre-deployment security audit on microservices
Identifying and patching zero-day vulnerabilities in open-source libraries

About

Key Features

IaC and container security analysis for Terraform, CloudFormation, and Docker
TDD validation scripts for verifying vulnerabilities and their fixes
Real-time CVE data integration from OSV.dev and CISA KEV
Full-stack dependency scanning for npm, pip, go, cargo, and gem
3 GitHub stars
Automated risk scoring based on exploitability, exposure, and criticality

Use Cases

Hardening cloud infrastructure configurations against common security misalignments
Performing a comprehensive pre-deployment security audit on microservices
Identifying and patching zero-day vulnerabilities in open-source libraries