Security Fixer

About

The Security Fixer skill serves as an automated security engineer within Claude Code, specializing in the remediation of critical vulnerabilities across various programming languages and frameworks. It transforms security triage findings into production-ready patches using the unified diff format, ensuring that fixes are minimal, secure by default, and backward-compatible. By applying industry-standard patterns for SQL injection, cross-site scripting (XSS), and weak cryptography, this skill helps developers accelerate their remediation workflows while maintaining code quality and functional integrity through structured validation and testing guidance.

Key Features

• Defense-in-depth validation to ensure patches don't introduce new flaws
• 8 GitHub stars
• Comprehensive remediation patterns for SQLi, XSS, Path Traversal, and CSRF
• Cross-language support for Python, JavaScript/TypeScript, and Go
• Automated generation of unified diff patches for direct use with Git
• Refactoring support for moving hardcoded secrets to environment variables

Use Cases

• Refactoring legacy code to use modern, secure APIs and frameworks
• Remediating vulnerabilities identified by SAST or DAST security scanners
• Standardizing security patch formats for team-wide code reviews