What kind of cryptographic issues does it identify?

It scans source code for deprecated protocols like SSLv3 and TLS 1.0, weak ciphers like RC4 or DES, and instances where certificate verification has been insecurely disabled.

Can it detect secrets committed to Git history?

Yes, it specifically scans for tracked sensitive files like .pem keys, .env files, and credentials that have been accidentally added to version control.

What languages does the Audit skill support?

The skill provides specialized auditing for Node.js (npm) and Python environments, while also performing general security checks on Dockerfiles, shell scripts, and web server configurations.

Does it fix the security vulnerabilities automatically?

The skill generates a detailed report with exact remediation commands. Once identified, you can direct Claude to apply these fixes, such as running 'npm audit fix' or updating file permissions.

Does it audit container configurations?

Yes, it inspects Dockerfiles and Docker Compose files for security risks such as running as the root user, hardcoded secrets in ENV/ARG directives, and the use of non-deterministic 'latest' image tags.

Security & Dependency Audit

Name: Security & Dependency Audit
Author: LayerDynamics

byLayerDynamics

0•

安全与测试

Conducts comprehensive security audits of project dependencies, configurations, and sensitive files to identify and remediate vulnerabilities.

The Audit skill for the Lore framework provides a robust automated security scanner for Claude Code, designed to identify common development pitfalls before they reach production. It systematically inspects Node.js and Python dependencies for known CVEs, searches for accidentally committed secrets or environment variables, flags permissive file settings, and identifies weak cryptographic configurations. By generating a prioritized report with specific remediation steps, it enables developers to maintain a strong security posture through deterministic, repeatable AI-assisted workflows.

主要功能

01Validation of file system permissions and version control ignore rules

020 GitHub stars

03Deep secret detection for committed .env files, private keys, and certificates

04Static analysis of TLS/SSL settings and Docker configuration best practices

05Automated dependency scanning for Node.js (npm) and Python (pip) environments

06Prioritized reporting with severity levels and actionable remediation guidance

使用场景

01Hardening Docker containers and web server configurations against common security exploits

02Pre-commit security checks to prevent leaking API keys or credentials to version control

03Periodic project maintenance to identify and patch vulnerable third-party dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add layerdynamics/lore audit

For use in Claude.ai and ChatGPT