Does this skill scan for hardcoded API keys?

Yes, it specifically identifies hardcoded API keys, passwords, private keys, and other sensitive credentials within your source code to prevent accidental exposure.

Does it check for vulnerable third-party libraries?

Yes, the skill includes a dependency security scan to identify known CVEs and outdated components in your project's package manifest.

Which security standards does the audit follow?

The review is primarily based on the OWASP Top 10 framework, covering critical risks like injection, broken access control, and cryptographic failures.

Can it suggest fixes for the vulnerabilities it finds?

Yes, every security report includes specific remediation guidance, file and line number locations, and assessment of the overall security posture.

Security Audit & Code Review

Name: Security Audit & Code Review
Author: Yeachan-Heo

byYeachan-Heo

•

3,720

•

安全与测试

Conducts comprehensive security audits of codebases to identify OWASP vulnerabilities, hardcoded secrets, and unsafe implementation patterns.

The Security Review skill automates deep security analysis of your codebase by delegating to the high-intelligence Claude Opus model. It proactively identifies OWASP Top 10 risks, detects hardcoded credentials, validates input sanitization, and scans dependencies for known vulnerabilities. By integrating this into your development workflow—especially before deployment or after major architectural changes—you can ensure robust authentication logic and maintain a high security posture with prioritized remediation guidance for every finding.

主要功能

01Dependency vulnerability auditing with CVE references

02Severity-based prioritization from CRITICAL to LOW

03Comprehensive input validation and XSS prevention analysis

04Automated detection of hardcoded API keys and secrets

053,720 GitHub stars

06Full OWASP Top 10 vulnerability scanning and reporting

使用场景

01Auditing new API endpoints for injection risks before production deployment

02Identifying accidentally committed credentials or sensitive tokens in the repository

03Verifying authentication and authorization logic after major code refactors

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yeachan-heo/oh-my-claudecode security-review

For use in Claude.ai and ChatGPT

Download Skill