Which programming languages are supported?

While the skill includes specific optimized patterns for Python, JavaScript, TypeScript, and Go, its core security principles and patch generation capabilities apply to most modern programming languages.

What types of vulnerabilities can this skill fix?

Security Fixer specializes in remediating common security issues including SQL injection, cross-site scripting (XSS), path traversal, CSRF, hardcoded secrets, and weak cryptography.

Does the skill produce production-ready code?

Yes, it generates patches following 'secure by default' principles and minimal change rules, although developers should always review and test AI-generated security fixes before deployment.

Can I use the patches with my current Git workflow?

Absolutely. The skill outputs patches in the standard unified diff format, making them fully compatible with 'git apply' and standard pull request reviews.

Security Fixer

Name: Security Fixer
Author: jpoley

byjpoley

•

安全与测试

Generates high-quality security patches and remediates vulnerabilities like SQL injection, XSS, and hardcoded secrets using secure coding patterns.

The Security Fixer skill empowers Claude to act as an expert security engineer, specializing in automated vulnerability remediation and secure code generation. It analyzes security findings (CWE, severity, and data flows) to generate minimal, backward-compatible patches in unified diff format while adhering to 'secure by default' principles. This skill is ideal for development teams looking to automate the remediation of common security flaws like cross-site scripting, path traversal, and weak cryptography without compromising code quality or introducing regressions.

主要功能

01Automated remediation for common CWEs including SQLi, XSS, and CSRF

02Root cause analysis based on data flows and attack vector identification

03Generation of standard unified diff patches for seamless Git integration

04Secure-by-design patterns for Python, JavaScript, and Go frameworks

055 GitHub stars

06Security validation checklist to ensure logic and syntax integrity

使用场景

01Upgrading legacy codebases from unsafe APIs to secure framework alternatives

02Remediating static analysis (SAST) findings and vulnerability reports automatically

03Securing sensitive data by replacing hardcoded secrets with environment variable logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-fixer

For use in Claude.ai and ChatGPT

Download Skill