How does this skill detect security vulnerabilities?

It uses a specialized security agent to perform a two-pass 'thorough' and 'gaps' analysis, specifically targeting injection, authentication failures, and sensitive data exposure.

Does it follow the OWASP Top 10 standards?

Absolutely. The skill is mapped to the OWASP Top 10 categories, including Broken Access Control, Cryptographic Failures, Injection, and SSRF.

Can it find hardcoded API keys?

Yes, the skill includes auto-validated patterns specifically designed to instantly identify hardcoded passwords, API keys, and other sensitive credentials with high confidence.

Will it suggest fixes for the issues it finds?

Yes, the skill generates reports that include prioritized findings along with suggested code diffs or prompts to automatically remediate the identified security risks.

How does it handle false positives?

The skill includes a validation step to filter results and explicitly avoids flagging security issues in test files or internal-only code where the risk is mitigated.

Security Code Review

Name: Security Code Review
Author: JesseNaranjo

byJesseNaranjo

•

安全与测试

Conducts deep security audits to identify vulnerabilities, hardcoded secrets, and OWASP compliance issues within your codebase.

The Security Code Review skill empowers Claude to act as a specialized security engineer, performing multi-pass audits to detect critical flaws like injection attacks, broken access control, and sensitive data exposure. By leveraging high-reasoning models for thorough vulnerability detection, it scans for OWASP Top 10 risks, validates input handling, and identifies hardcoded credentials, providing severity-prioritized reports with actionable diff-based fixes to harden your application throughout the development lifecycle.

主要功能

01Detection of SQL injection, XSS, and command injection vulnerabilities

02In-depth analysis of authentication and authorization logic including IDOR

03Multi-pass auditing using a specialized security agent for thorough coverage

041 GitHub stars

05Automated identification of hardcoded secrets, API keys, and credentials

06OWASP Top 10 compliance mapping with severity-prioritized reporting

使用场景

01Performing pre-release security audits to catch vulnerabilities before they reach production

02Automated security reviews of complex pull requests to ensure secure coding standards

03Scanning legacy repositories for hardcoded secrets and outdated cryptographic patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jessenaranjo/ai-setup security-review

For use in Claude.ai and ChatGPT

Download Skill