Can I integrate this skill into my CI/CD pipeline?

Yes, the skill is designed for integration with GitHub Actions and other CI tools, allowing you to generate SARIF reports and block builds if critical vulnerabilities are detected.

Does it provide the actual code to fix the security issues?

Yes, every finding includes a detailed 'How' section that provides step-by-step fix instructions and specific code snippets to remediate the vulnerability.

How does it minimize false positives during secret detection?

It uses a multi-stage process involving regex pattern matching, entropy analysis to distinguish random strings from text, and context checking to ignore test keys or placeholder patterns.

Which package managers does the Security Scanner support?

The scanner supports a wide range of ecosystems including npm, yarn, pnpm (JavaScript/TypeScript), pip, poetry (Python), go (Golang), cargo (Rust), composer (PHP), and bundler (Ruby).

Security Scanner

Name: Security Scanner
Author: ialameh

byialameh

0•

Security & Testing

Performs comprehensive security audits, secret detection, and vulnerability scanning for modern codebases.

The Security Scanner skill is a powerful audit tool designed to safeguard your codebase by identifying high-risk vulnerabilities before they reach production. It combines multi-layer detection strategies including secret scanning for over 50 providers, dependency vulnerability analysis across major package managers, and deep static analysis for OWASP Top 10 risks. By providing automated security scoring and detailed remediation guidance—including specific code fixes and verification steps—this skill enables developers to proactively manage security debt and integrate automated safety gates into their CI/CD workflows.

Key Features

01Automated 0-100 security scoring with weighted deductions and bonuses.

020 GitHub stars

03Secret detection for 50+ providers including AWS, GCP, GitHub, and Stripe.

04Deep static analysis covering OWASP Top 10 risks like injection and SSRF.

05Actionable remediation guides with before-and-after code implementation examples.

06Cross-language dependency scanning for npm, pip, go, cargo, and more.

Use Cases

01Auditing third-party dependencies for known CVEs and identifying upgrade paths.

02Preventing sensitive credential leaks through automated git pre-commit hooks.

03Identifying and fixing SQL injection or XSS vulnerabilities in legacy codebases.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ialameh/sift-coder security-scanner

For use in Claude.ai and ChatGPT

Download Skill