Can it detect hardcoded API keys?

Yes, it includes specific detection patterns and commands to identify exposed secrets, tokens, and private keys within your codebase and git history.

Is this suitable for production environments?

Yes, it is specifically designed to be used during the verification phase of the software development lifecycle to block deployments containing critical security flaws.

Does it provide remediation advice?

For every identified vulnerability, the skill provides secure code examples and best practices to help developers implement immediate and effective fixes.

How does this skill help with OWASP compliance?

It provides a structured checklist and code examples for all 10 OWASP categories, including injection, broken access control, and cross-site scripting (XSS).

What programming languages are supported?

While many examples are in JavaScript/Node.js, the security principles, checklists, and scanning patterns are applicable across most modern programming languages and frameworks.

Security Reviewer

Name: Security Reviewer
Author: mnthe

bymnthe

•

Security & Testing

Analyzes code for OWASP Top 10 vulnerabilities, secrets exposure, and insecure implementation patterns to ensure production-grade security.

About

The Security Reviewer skill provides a comprehensive security audit framework for Claude Code, enabling agents to detect and remediate critical vulnerabilities. It follows the OWASP Top 10 guidelines to identify issues such as SQL injection, broken authentication, and sensitive data exposure. By providing standardized checklists, secure code patterns, and severity-based classification, it helps developers harden their applications, secure API endpoints, and prevent credential leakage before code reaches production.

Key Features

Vulnerability severity classification and emergency response protocols
2 GitHub stars
Secure authentication and authorization implementation reviews
OWASP Top 10 compliance checklists and remediation guidance
Input validation, sanitization, and injection prevention patterns
Automated secrets, API key, and credential exposure detection

Use Cases

Reviewing authentication logic and API endpoints for broken access control
Scanning repositories for hardcoded secrets and sensitive environment variables
Performing pre-deployment security audits for production-ready releases

About

Key Features

Vulnerability severity classification and emergency response protocols
2 GitHub stars
Secure authentication and authorization implementation reviews
OWASP Top 10 compliance checklists and remediation guidance
Input validation, sanitization, and injection prevention patterns
Automated secrets, API key, and credential exposure detection

Use Cases

Reviewing authentication logic and API endpoints for broken access control
Scanning repositories for hardcoded secrets and sensitive environment variables
Performing pre-deployment security audits for production-ready releases