Can it detect hardcoded API keys?

Yes, it includes specific detection patterns and commands to identify exposed secrets, tokens, and private keys within your codebase and git history.

Is this suitable for production environments?

Yes, it is specifically designed to be used during the verification phase of the software development lifecycle to block deployments containing critical security flaws.

Does it provide remediation advice?

For every identified vulnerability, the skill provides secure code examples and best practices to help developers implement immediate and effective fixes.

How does this skill help with OWASP compliance?

It provides a structured checklist and code examples for all 10 OWASP categories, including injection, broken access control, and cross-site scripting (XSS).

What programming languages are supported?

While many examples are in JavaScript/Node.js, the security principles, checklists, and scanning patterns are applicable across most modern programming languages and frameworks.

Security Reviewer

Name: Security Reviewer
Author: mnthe

bymnthe

•

Security & Testing

Analyzes code for OWASP Top 10 vulnerabilities, secrets exposure, and insecure implementation patterns to ensure production-grade security.

The Security Reviewer skill provides a comprehensive security audit framework for Claude Code, enabling agents to detect and remediate critical vulnerabilities. It follows the OWASP Top 10 guidelines to identify issues such as SQL injection, broken authentication, and sensitive data exposure. By providing standardized checklists, secure code patterns, and severity-based classification, it helps developers harden their applications, secure API endpoints, and prevent credential leakage before code reaches production.

Key Features

01Vulnerability severity classification and emergency response protocols

022 GitHub stars

03Secure authentication and authorization implementation reviews

04OWASP Top 10 compliance checklists and remediation guidance

05Input validation, sanitization, and injection prevention patterns

06Automated secrets, API key, and credential exposure detection

Use Cases

01Reviewing authentication logic and API endpoints for broken access control

02Scanning repositories for hardcoded secrets and sensitive environment variables

03Performing pre-deployment security audits for production-ready releases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mnthe/hardworker-marketplace security-review

For use in Claude.ai and ChatGPT

Download Skill