Which programming languages are supported?

The skill includes specialized security patterns for Node.js, Python, PHP, Go, Java, .NET, Rust, and React/Frontend frameworks.

How does it categorize security risks?

Vulnerabilities are classified using the standard CVSS (Common Vulnerability Scoring System) scale from Info and Low to High and Critical.

Can it detect logic-based vulnerabilities?

Yes, it includes processes for manual logic abusability checks, identifying race conditions, business logic flaws, and state manipulation errors.

Does it require external tools to run security audits?

It leverages native tools already in your environment (like npm audit or pip-audit) for speed and accuracy, but can also perform manual code analysis and web-based CVE lookups.

What is 'Taint Analysis' in this context?

Taint analysis traces user-controlled input (Sources) through the application to dangerous functions (Sinks) to identify unvalidated data paths that could lead to exploits.

Comprehensive Security Analysis

Name: Comprehensive Security Analysis
Author: d4rkNinja

byd4rkNinja

•

安全与测试

Performs deep security audits, vulnerability scanning, and risk assessments across multiple technology stacks.

关于

This skill acts as a master framework for end-to-end security analysis within Claude Code. It automatically detects the project's technology stack—ranging from Node.js and Python to Rust and Java—and orchestrates a multi-phased security review. By combining native dependency audits (SCA), static code analysis (SAST), and advanced data flow tracing, it identifies critical vulnerabilities such as injections, broken authentication, and memory safety issues. Beyond simple detection, it provides context-aware risk assessments using CVSS standards and generates actionable remediation plans, including specific upgrade guidance and security hardening patches.

主要功能

Taint analysis and data flow tracing for injection detection
5 GitHub stars
Native dependency auditing (npm audit, pip-audit, cargo audit, etc.)
Detailed remediation templates with migration and upgrade paths
Automated technology stack detection and attack surface mapping
CVSS-based risk classification and severity assessment

使用场景

Automating the discovery of outdated and exploitable project dependencies
Mapping complex data flows to prevent SQL injection and sensitive data exposure
Performing pre-release security audits to identify and patch vulnerabilities

关于

主要功能

Taint analysis and data flow tracing for injection detection
5 GitHub stars
Native dependency auditing (npm audit, pip-audit, cargo audit, etc.)
Detailed remediation templates with migration and upgrade paths
Automated technology stack detection and attack surface mapping
CVSS-based risk classification and severity assessment

使用场景

Automating the discovery of outdated and exploitable project dependencies
Mapping complex data flows to prevent SQL injection and sensitive data exposure
Performing pre-release security audits to identify and patch vulnerabilities