Can it detect leaked API keys in my code?

Yes, it specifically scans for exposed secrets, tokens, and API keys, providing immediate warnings and instructions on how to properly use environment variables or secret managers.

When is the best time to invoke this skill?

It should be used whenever you are handling user input, modifying authentication or payment logic, working with sensitive data, or performing database operations.

Is it based on industry security standards?

Absolutely. The skill maps its findings to specific CWE (Common Weakness Enumeration) identifiers and OWASP Top 10 categories to ensure professional-grade reporting.

Does it provide code fixes for the issues it finds?

Yes, for every vulnerability detected, the skill provides a 'Secure Fix' example, an explanation of the remediation approach, and an estimate of the effort required to fix it.

What types of vulnerabilities does this skill detect?

It identifies a wide range of issues including SQL and NoSQL injection, XSS, CSRF, insecure authentication, hardcoded secrets, cryptographic weaknesses, and API security misconfigurations.

Security Pattern Check

Name: Security Pattern Check
Author: kjgarza

bykjgarza

Security & Testing

Identifies security vulnerabilities and anti-patterns to provide senior-level feedback on code safety and compliance.

About

The Security Pattern Check skill acts as an automated security auditor within the Claude Code environment, scanning your codebase for critical vulnerabilities and architectural anti-patterns. It evaluates code against the OWASP Top 10 and CWE standards, identifying risks such as SQL injection, broken authentication, and hardcoded secrets. Designed for senior-level oversight, it provides not only immediate alerts but also detailed risk assessments, exploit scenarios, and actionable remediation steps with secure code examples to ensure production-grade safety.

Key Features

Actionable remediation guidance with secure code comparisons and fix-effort estimates.
0 GitHub stars
Detailed risk assessments with severity levels, exploitability scores, and impact analysis.
Real-time detection of hardcoded secrets, API keys, and insecure data storage practices.
Automated compliance mapping to industry standards like CWE and PCI DSS.
Comprehensive scanning for OWASP Top 10 vulnerabilities including SQLi, XSS, and CSRF.

Use Cases

Reviewing authentication and authorization logic before merging sensitive PRs.
Scanning legacy codebases for outdated cryptographic methods and hardcoded credentials.
Auditing API endpoints for input validation, rate limiting, and data exposure risks.

About

Key Features

Actionable remediation guidance with secure code comparisons and fix-effort estimates.
0 GitHub stars
Detailed risk assessments with severity levels, exploitability scores, and impact analysis.
Real-time detection of hardcoded secrets, API keys, and insecure data storage practices.
Automated compliance mapping to industry standards like CWE and PCI DSS.
Comprehensive scanning for OWASP Top 10 vulnerabilities including SQLi, XSS, and CSRF.

Use Cases

Reviewing authentication and authorization logic before merging sensitive PRs.
Scanning legacy codebases for outdated cryptographic methods and hardcoded credentials.
Auditing API endpoints for input validation, rate limiting, and data exposure risks.