What vulnerability types can Security Fixer handle?

Security Fixer is designed to remediate common vulnerabilities including SQL injection, Cross-Site Scripting (XSS), Path Traversal, CSRF, hardcoded secrets, weak cryptography, and insecure deserialization.

Does it support Git workflows?

Yes, all patches are output in the standard unified diff format (--- a/ +++ b/), making them compatible with 'git apply' and standard code review tools.

Which programming languages are supported?

The skill provides specific secure coding patterns for Python, JavaScript, TypeScript, and Go, but its general security principles can be applied to most modern programming languages.

Can it help with secret management?

Yes, it can automatically identify hardcoded API keys or passwords and refactor code to use secure alternatives like environment variables or language-specific secret loaders.

Are the generated patches ready for production?

The skill generates high-quality patches in unified diff format and includes a validation checklist; however, developers should always run the suggested tests before deploying to production.

Security Fixer

Name: Security Fixer
Author: jpoley

byjpoley

•

安全与测试

Generates high-quality, automated security patches to remediate vulnerabilities like SQL injection, XSS, and hardcoded secrets.

The Security Fixer skill serves as an automated security engineer within Claude Code, specializing in the remediation of critical vulnerabilities across various programming languages and frameworks. It transforms security triage findings into production-ready patches using the unified diff format, ensuring that fixes are minimal, secure by default, and backward-compatible. By applying industry-standard patterns for SQL injection, cross-site scripting (XSS), and weak cryptography, this skill helps developers accelerate their remediation workflows while maintaining code quality and functional integrity through structured validation and testing guidance.

主要功能

01Defense-in-depth validation to ensure patches don't introduce new flaws

028 GitHub stars

03Comprehensive remediation patterns for SQLi, XSS, Path Traversal, and CSRF

04Cross-language support for Python, JavaScript/TypeScript, and Go

05Automated generation of unified diff patches for direct use with Git

06Refactoring support for moving hardcoded secrets to environment variables

使用场景

01Refactoring legacy code to use modern, secure APIs and frameworks

02Remediating vulnerabilities identified by SAST or DAST security scanners

03Standardizing security patch formats for team-wide code reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-fixer

For use in Claude.ai and ChatGPT

Download Skill