What happens if I don't have security tools like Semgrep installed?

The skill checks for tool availability and will skip unavailable ones, falling back to Claude's internal analysis and manual grep patterns to identify security-sensitive code areas.

Does this skill require GitHub access?

Yes, it uses the GitHub CLI (gh) to automatically create and label issues based on the scan results, allowing your team to track and resolve security findings directly in your workflow.

How are the security findings categorized?

Findings are mapped to a standardized severity scale (Critical, High, Medium, Low, Info) based on tool output and CVSS scores, or based on how far a dependency has fallen behind the latest version.

Which programming languages does this security skill support?

It supports a wide range of ecosystems including Node.js, Python, Rust, Go, Java, Kotlin, and Ruby by automatically detecting manifest files like package.json, requirements.txt, or Cargo.toml.

DLC Security Scan

Name: DLC Security Scan
Author: rube-de

byrube-de

•

安全与测试

Performs automated security audits including dependency checks, SAST analysis, and secret detection with integrated GitHub issue reporting.

The DLC Security Scan skill transforms Claude into a proactive security engineer for your development workflow. It intelligently detects your project's technology stack—supporting Node.js, Python, Rust, Go, Java, and Ruby—to execute targeted dependency audits, staleness checks, and Static Application Security Testing (SAST). By consolidating results from industry-standard tools like Semgrep, Trivy, and Gitleaks, the skill classifies vulnerabilities by severity and automatically documents findings as structured GitHub issues, ensuring your codebase remains secure and up-to-date with minimal manual effort.

主要功能

01Comprehensive dependency vulnerability auditing and staleness checks

02Deep secret detection for leaked credentials and API keys

03Automatic project type detection for multi-language support

04Static Application Security Testing (SAST) using Semgrep and Trivy

055 GitHub stars

06Automated GitHub issue creation with severity-mapped reporting

使用场景

01Automating the detection of outdated or unmaintained dependencies

02Scanning repositories for accidentally committed secrets or hardcoded passwords

03Running a pre-release security audit to identify critical vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rube-de/cc-skills security

For use in Claude.ai and ChatGPT

Download Skill