How does it handle sensitive information like API keys?

The skill includes strict constraints to redact secrets, tokens, credentials, and PII by default, ensuring raw environment values are never echoed.

Which programming languages are supported by this skill?

The skill currently supports Python, JavaScript, TypeScript, and Go.

Does it follow standard security frameworks?

Yes, it specifically maps web and API findings to the OWASP Top 10:2025 standards to ensure risk is reported consistently.

Does this skill automatically fix security vulnerabilities?

It generates a prioritized security report and offers scoped remediation plans, allowing the user to decide when and how to apply specific fixes.

Security Best Practices Review

Name: Security Best Practices Review
Author: jscraik

byjscraik

•

安全与测试

Reviews code and architecture against language-specific security standards and the OWASP Top 10:2025 framework.

This skill provides specialized domain expertise for performing security-focused audits and secure-by-default implementation guidance within Python, JavaScript, TypeScript, and Go projects. It goes beyond general code reviews by mapping vulnerabilities to the latest industry standards, generating prioritized security reports with severity ratings, and providing scoped remediation plans. Ideal for developers needing evidence-backed security advice, it emphasizes root-cause fixes and strictly adheres to privacy constraints by redacting secrets and PII during the analysis process.

主要功能

01Step-by-step remediation plans focused on root-cause fixes

02Mapping of web and API findings to OWASP Top 10:2025

032 GitHub stars

04Language-specific security audits for Python, Go, and JS/TS

05Generation of prioritized Markdown security reports

06Secure-by-default guidance for new feature implementation

使用场景

01Identifying and remediating high-impact vulnerabilities in existing code

02Implementing secure authentication patterns in a new project

03Performing a pre-deployment security audit on a web API

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jscraik/agent-skills security-best-practices

For use in Claude.ai and ChatGPT

主要功能

01Step-by-step remediation plans focused on root-cause fixes

02Mapping of web and API findings to OWASP Top 10:2025

032 GitHub stars

04Language-specific security audits for Python, Go, and JS/TS

05Generation of prioritized Markdown security reports

06Secure-by-default guidance for new feature implementation

使用场景

01Identifying and remediating high-impact vulnerabilities in existing code

02Implementing secure authentication patterns in a new project

03Performing a pre-deployment security audit on a web API

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jscraik/agent-skills security-best-practices

For use in Claude.ai and ChatGPT