Which languages are supported for dependency scanning?

The skill currently supports major package managers for Python (requirements.txt, pyproject.toml, setup.py) and Node.js (package.json, package-lock.json).

Where are the security findings saved?

By default, security findings and documentation are saved to a 'security-notes/' directory in your project root, though custom locations can be specified.

What types of vulnerabilities does it detect?

It scans for a wide range of issues including SQL injection, command injection, path traversal, sensitive data exposure, and insecure deserialization.

Is the PoC generation safe to use?

PoC generation is an experimental feature intended for research and remediation testing; it should always be used responsibly within controlled, non-production environments.

Can I use this for CI/CD workflows?

Yes, the skill includes specialized commands like 'analyze-github-pr' designed to work with GitHub Actions for automated pull request security reviews.

Security Reviewer

Name: Security Reviewer
Author: KvFxKaido

byKvFxKaido

Security & Testing

Performs comprehensive security audits, vulnerability scans, and proof-of-concept generation using the Gemini security extension.

About

This skill empowers Claude to conduct deep security analysis of your codebase by leveraging Gemini's specialized security tools. It can scan project dependencies for known CVEs, analyze branch diffs for injection flaws or privacy violations, and generate experimental proof-of-concept scripts to validate findings. Ideal for developers wanting to shift security left, it documents all vulnerabilities in a structured format and integrates seamlessly into both local development workflows and automated GitHub PR reviews.

Key Features

0 GitHub stars
Automated security reviews for GitHub Pull Requests via CI/CD
Dependency scanning for known CVEs in Python and Node.js projects
Structured security documentation and automated finding logs
Branch analysis to identify injection flaws and authentication issues
Experimental Proof-of-Concept (PoC) generation for vulnerability validation

Use Cases

Validating potential path traversal or command injection risks with PoC scripts
Scanning third-party dependencies for high-risk security flaws and CVEs
Auditing a new feature branch for vulnerabilities before merging a Pull Request

About

Key Features

0 GitHub stars
Automated security reviews for GitHub Pull Requests via CI/CD
Dependency scanning for known CVEs in Python and Node.js projects
Structured security documentation and automated finding logs
Branch analysis to identify injection flaws and authentication issues
Experimental Proof-of-Concept (PoC) generation for vulnerability validation

Use Cases

Validating potential path traversal or command injection risks with PoC scripts
Scanning third-party dependencies for high-risk security flaws and CVEs
Auditing a new feature branch for vulnerabilities before merging a Pull Request