Does it provide specific fixes for the issues it finds?

Yes, every security finding includes a summary of the evidence, the potential impact, and a specific recommended fix.

How are the security findings categorized?

Findings are ranked using a severity model: critical (immediate impact), high (likely exploitable), medium (meaningful risk), and low (hardening recommendation).

What kind of vulnerabilities can this skill detect?

It scans for a wide range of issues including SQL injection, Cross-Site Scripting (XSS), SSRF, path traversal, and insecure authentication patterns.

Can it help with secret management?

Absolutely. It validates secrets handling to ensure no hardcoded keys exist and that environment variables are used correctly.

Is this skill suitable for supply-chain security?

Yes, the review checklist includes dedicated steps for evaluating dependency and supply-chain concerns.

ECC Security Review

Name: ECC Security Review
Author: oabdelmaksoud

byoabdelmaksoud

0•

安全与测试

Performs threat-focused security audits and provides severity-ranked findings to harden application codebases.

The ECC Security Review skill enables Claude to conduct rigorous security assessments, identifying vulnerabilities ranging from hardcoded secrets to sophisticated injection risks. By applying a structured checklist covering input validation, AuthN/AuthZ, and supply-chain concerns, it generates actionable reports that prioritize issues by severity. This skill is ideal for developers and security engineers looking to automate vulnerability detection and ensure their code meets production-grade hardening standards with evidence-based remediation steps.

主要功能

01Standardized severity model with actionable fix recommendations

02Automated secrets scanning to prevent hardcoded keys and credential leaks

030 GitHub stars

04Comprehensive vulnerability detection for Injection, XSS, SSRF, and Path Traversal

05AuthN/AuthZ validation ensuring least-privilege access control

06Supply-chain and dependency risk assessment

使用场景

01Hardening web applications by identifying data exposure in logs and headers

02Conducting automated security audits during the code review process

03Validating input sanitization and environment variable usage before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add oabdelmaksoud/agention ecc-security-review

For use in Claude.ai and ChatGPT

主要功能

01Standardized severity model with actionable fix recommendations

02Automated secrets scanning to prevent hardcoded keys and credential leaks

030 GitHub stars

04Comprehensive vulnerability detection for Injection, XSS, SSRF, and Path Traversal

05AuthN/AuthZ validation ensuring least-privilege access control

06Supply-chain and dependency risk assessment

使用场景

01Hardening web applications by identifying data exposure in logs and headers

02Conducting automated security audits during the code review process

03Validating input sanitization and environment variable usage before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add oabdelmaksoud/agention ecc-security-review

For use in Claude.ai and ChatGPT