Can this skill replace a professional security audit?

While highly effective for identifying common vulnerabilities and following best practices during development, it is intended as a safety check and should complement, not replace, professional manual audits.

Does it detect hard-coded secrets?

Yes, one of its primary functions is to identify hard-coded credentials, API keys, and sensitive data that might be accidentally exposed in code or log files.

How does the skill prioritize security findings?

Findings are categorized into High, Medium, and Low severity based on their potential impact on system integrity and the ease of exploitation.

Which programming frameworks are supported?

The skill is language-agnostic and context-aware, providing specific guidance for popular frameworks like Express (Node.js), FastAPI (Python), Spring (Java), and Ruby on Rails.

Security Reviewer

Name: Security Reviewer
Author: k1lgor

byk1lgor

0•

Security & Testing

Identifies security vulnerabilities and provides practical, framework-specific remediation strategies to ensure code safety.

The Security Reviewer skill transforms Claude into a security-focused engineer capable of auditing codebases for critical vulnerabilities like SQL injection, broken authentication, and sensitive data exposure. It analyzes the specific context of your application—whether it's a public-facing API or an internal CLI tool—and provides prioritized risk assessments (High/Medium/Low). By offering minimal, actionable fixes and referencing industry standards like the OWASP Cheat Sheet, it helps developers secure their applications before they reach production.

Key Features

01Prioritized risk scoring with clear reasoning for every identified issue

02Scanning for sensitive data exposure, hard-coded secrets, and insecure logging

03Context-aware analysis for frameworks like Express, FastAPI, Spring, and Rails

04Automated vulnerability detection for injection, auth, and logic flaws

05Actionable remediation snippets and secure coding pattern suggestions

060 GitHub stars

Use Cases

01Reviewing authentication and authorization logic for potential bypasses

02Auditing input handling and file upload implementations against common exploits

03Performing a pre-deployment security sanity check on new feature branches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add k1lgor/virtual-company 05-security-reviewer

For use in Claude.ai and ChatGPT

Download Skill