Is this skill a replacement for manual pentesting?

It serves as a powerful automated first-line of defense to catch common errors during development, though it should complement manual professional security audits.

Does it support modern web security checks?

Absolutely. It checks for XSS, CSRF, CORS settings, and secure session management to protect web applications.

How does the Security Review skill find vulnerabilities?

It uses advanced pattern matching and structural analysis via tools like Grep and Read to identify risky code patterns, missing validation, and insecure configurations.

Can it detect hardcoded secrets?

Yes, the skill specifically scans for hardcoded API keys, passwords, and tokens stored within the codebase.

Security Code Auditor

Name: Security Code Auditor
Author: Doarakko

byDoarakko

0•

安全与测试

Conducts comprehensive security audits and vulnerability checks to identify potential threats and compliance issues in source code.

The Security Code Auditor skill empowers Claude to perform deep-dive security reviews by systematically analyzing codebases for common vulnerabilities. It follows a rigorous set of criteria including authentication flows, injection risks (SQL, NoSQL, Command), input sanitization, and data protection. By leveraging tools like Grep and Glob, it identifies hardcoded secrets, insecure API configurations, and outdated dependencies, ensuring that your application adheres to modern security best practices and is resilient against exploits like XSS, CSRF, and SSRF.

主要功能

01Detects hardcoded credentials, API keys, and sensitive tokens

020 GitHub stars

03Analyzes authentication and authorization implementation flaws

04Identifies injection vulnerabilities including SQL, NoSQL, and XSS

05Scans for API risks like CSRF, CORS misconfigurations, and missing rate limits

06Evaluates data protection measures and encryption standards

使用场景

01Performing a pre-merge security audit on a pull request

02Validating input sanitization and validation logic in web controllers

03Scanning legacy codebases for hidden vulnerabilities and technical debt

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add doarakko/dotfiles security-review

For use in Claude.ai and ChatGPT

Download Skill