Can it detect race conditions?

Yes, it specifically looks for TOCTOU (Time-of-Check to Time-of-Use) patterns which are common sources of race conditions in file-handling scripts.

Does it provide remediation advice?

Yes, every generated security audit report includes clear 'Before' and 'After' code examples to show you exactly how to fix the detected vulnerability.

What programming languages does this skill support?

While specifically optimized for shell scripts, it also provides scanning capabilities for Python code, dependency files (requirements.txt), and general environment configurations.

How are vulnerability severities determined?

The skill uses a severity mapper to categorize findings into Critical, High, and Medium buckets based on industry-standard CWE IDs and CVSS scores.

Security Auditor

Name: Security Auditor
Author: ribatshepo

byribatshepo

0•

Security & Testing

Audits shell scripts and Python code to identify and remediate security vulnerabilities and anti-patterns.

The Security Auditor skill provides a specialized automated workflow for scanning codebases—particularly shell scripts—for common security risks. It utilizes pattern-based detection to uncover critical vulnerabilities like TOCTOU race conditions, command injection, and symlink attacks, while offering remediation advice and severity mapping. By integrating this skill into your Claude Code workflow, you can ensure your scripts adhere to secure coding standards and protect against exploits like path traversal or unsafe environment variable usage.

Key Features

01Detection of TOCTOU (Time-of-Check to Time-of-Use) race conditions

02Identification of unsafe symlink following and temporary file creation

03Scanning for command and path injection vulnerabilities (CWE-78, CWE-22)

04Comprehensive audit reporting with actionable remediation steps

05Automated severity mapping with CVSS scores for prioritized fixing

060 GitHub stars

Use Cases

01Scanning Python dependencies for known CVEs and environment risks

02Performing a security review of legacy shell scripts before deployment

03Implementing a security-first audit pipeline for script-heavy repositories

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ribatshepo/auto-orchestrate security-auditor

For use in Claude.ai and ChatGPT

Key Features

01Detection of TOCTOU (Time-of-Check to Time-of-Use) race conditions

02Identification of unsafe symlink following and temporary file creation

03Scanning for command and path injection vulnerabilities (CWE-78, CWE-22)

04Comprehensive audit reporting with actionable remediation steps

05Automated severity mapping with CVSS scores for prioritized fixing

060 GitHub stars

Use Cases

01Scanning Python dependencies for known CVEs and environment risks

02Performing a security review of legacy shell scripts before deployment

03Implementing a security-first audit pipeline for script-heavy repositories

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ribatshepo/auto-orchestrate security-auditor

For use in Claude.ai and ChatGPT