Can it handle multiple vulnerability findings at once?

Yes, it can process multiple findings by creating separate, consistently formatted patches for each occurrence to ensure clean version control history.

How does it ensure the fixes don't break existing functionality?

The skill follows core principles of minimal changes and backward compatibility, ensuring API contracts are maintained and providing testing guidance for regression verification.

Which programming languages are supported?

The skill includes specific expertise and library recommendations for Python, JavaScript/TypeScript, and Go, though it can apply general secure coding principles to most languages.

Does the skill provide patches in a standard format?

Yes, it generates patches in the unified diff format, making them fully compatible with 'git apply' and standard code review workflows.

What types of vulnerabilities can this skill fix?

It can remediate a wide range of common security issues including SQL injection, Cross-Site Scripting (XSS), Path Traversal, CSRF, hardcoded secrets, and weak cryptography.

Security Fixer

Name: Security Fixer
Author: jpoley

byjpoley

•

Security & Testing

Generates production-grade security patches and remediates vulnerabilities like SQL injection, XSS, and hardcoded secrets using secure coding patterns.

The Security Fixer skill empowers Claude to act as an expert security engineer, automating the remediation of critical vulnerabilities while maintaining code integrity. It specializes in generating minimal, backward-compatible unified diff patches that adhere to defense-in-depth principles. By utilizing framework-specific secure patterns and industry-standard libraries, it ensures that codebases are protected against common threats like SQL injection, cross-site scripting (XSS), and insecure deserialization without introducing regressions or leaking sensitive information in error logs.

Key Features

01Upgrading weak cryptographic algorithms to modern, high-entropy standards

02Automated generation of unified diff patches for seamless Git integration

035 GitHub stars

04Remediation of OWASP Top 10 vulnerabilities including SQLi, XSS, and CSRF

05Secure replacement of hardcoded secrets with environment variable patterns

06Language-specific security pattern implementation for Python, JavaScript, and Go

Use Cases

01Generating verified security patches during rapid incident response cycles

02Remediating security findings from SAST/DAST tools or bug bounty reports

03Refactoring legacy code to use modern, secure framework-specific APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-fixer

For use in Claude.ai and ChatGPT