How does the skill prioritize findings?

Findings are mapped to a unified severity scale (Critical, High, Medium, Low) based on CVSS scores and industry-standard classifications from tools like Semgrep and npm audit.

Which languages does the Security Scan skill support?

It supports a wide range of languages including JavaScript, TypeScript, Python, Ruby, Go, Java, and .NET.

Can I scan specific parts of my project?

Yes, you can target specific directories, files, or even just changed files (git diff) to speed up the scanning process and focus on relevant code.

Do I need to install external tools to use this skill?

While the skill can perform basic manual reviews using pattern matching, it works best with installed tools like Semgrep, npm audit, or Bandit for comprehensive results.

Does it check for hardcoded secrets?

Yes, the skill includes configuration security checks that scan for hardcoded passwords, API keys, and insecure cryptographic implementations.

Security Scanner

Name: Security Scanner
Author: onesmartguy

byonesmartguy

0•

Security & Testing

Performs comprehensive security audits and vulnerability scans across multiple programming languages and frameworks.

The Security Scan skill provides an automated, multi-layered approach to securing your codebase by integrating industry-standard tools like Semgrep, npm audit, and Bandit. It identifies Static Application Security Testing (SAST) vulnerabilities, detects insecure dependency versions, and flags configuration issues against OWASP Top 10 and CWE Top 25 standards. By aggregating results into a unified severity-scored report, it helps developers prioritize critical fixes and maintain high security standards throughout the development lifecycle, whether scanning an entire repository or targeted files.

Key Features

01Multi-language SAST analysis for JS/TS, Python, Ruby, Go, Java, and .NET

02Unified results aggregation with severity scoring from Critical to Info

03Comprehensive mapping to OWASP Top 10 and CWE Top 25 classifications

04Security configuration auditing for hardcoded secrets and insecure headers

050 GitHub stars

06Automated dependency vulnerability scanning with integrated tool support

Use Cases

01Compliance reviews to ensure code follows secure coding standards and OWASP guidelines

02Pre-commit security audits to catch vulnerabilities before code is merged

03Periodic dependency health checks to identify and remediate CVEs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add onesmartguy/raptor-claude-plugins scan

For use in Claude.ai and ChatGPT

Download Skill