Which programming languages and frameworks are supported?

While it provides general security logic, it includes specialized commands and checks for Go (backend), Next.js (web), and Firebase (database/auth).

Can it detect leaked secrets?

Yes, it proactively checks for API keys, passwords, and other sensitive strings within your source code and ensures PII is not leaked into application logs.

Does it check for web-specific vulnerabilities like XSS or SQL injection?

Yes, the skill includes checks for injection attacks, cross-site scripting (XSS), and improper output encoding as part of its OWASP Top 10 assessment.

How are the security results formatted?

Results are delivered in a structured markdown report, categorizing issues by Critical, High, and Medium risk, followed by actionable security recommendations.

When does the Security Scan skill activate?

The skill triggers automatically whenever you modify security-sensitive code, such as authentication logic, new API endpoints, database queries, or file upload handlers.

Security Scan

Name: Security Scan
Author: muyen

bymuyen

•

Security & Testing

Performs proactive security audits and enforces best practices for authentication, data protection, and API integrity.

The Security Scan skill provides automated, real-time vulnerability assessment for full-stack applications, ensuring that code changes adhere to modern security standards. It automatically triggers when developers modify sensitive components such as authentication middleware, API endpoints, or database queries, cross-referencing implementations against the OWASP Top 10. By integrating platform-specific checks for Go and Next.js alongside Firebase security rule validation, it helps prevent common risks like injection, broken access control, and secret leakage before they reach production.

Key Features

01Automated OWASP Top 10 vulnerability auditing

02Real-time monitoring of authentication and authorization logic

0322 GitHub stars

04Firebase and Firestore security rule validation and testing

05Sensitive data leakage detection for logs and source code

06Specialized security scanning for Go backends and Next.js frontends

Use Cases

01Ensuring PII and sensitive user data are handled according to data protection standards

02Auditing new API endpoints for proper rate limiting and CORS configuration

03Validating input handling and file upload logic to prevent path traversal and injection

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add muyen/vibe-to-prod security-scan

For use in Claude.ai and ChatGPT

Download Skill