Can it check for vulnerabilities in my Node.js project?

Yes, the dependency auditor automatically detects package.json files and uses npm audit to identify and report known vulnerabilities.

Does it provide instructions on how to fix the security issues it finds?

Yes, every finding includes a technical explanation, risk severity, and specific remediation steps with code templates to help you fix the issue.

Is this skill safe to run on any website?

No, you must have explicit authorization from the target owner before performing any security scans. The skill requires confirmation of authorization before proceeding.

Which programming languages does the code scanner support?

It primarily supports Python via Bandit integration and uses high-performance regex patterns to identify secrets and vulnerabilities across various languages.

Security Penetration Tester

Name: Security Penetration Tester
Author: jeremylongshore

byjeremylongshore

•

1,613

•

安全与测试

Performs comprehensive security audits on web applications, APIs, and codebases to identify vulnerabilities, dependency risks, and exposed secrets.

This skill transforms Claude into a security auditing assistant, providing a suite of specialized scanners for real-time penetration testing and vulnerability assessment. It enables developers to analyze HTTP security headers, verify SSL/TLS configurations, audit project dependencies for known vulnerabilities, and perform static analysis on source code to detect hardcoded secrets or common injection flaws. By integrating automated scanning with expert remediation guidance, it helps development teams identify and mitigate security gaps efficiently throughout the software development lifecycle.

主要功能

01Dependency Auditing: Wraps npm audit and pip-audit to identify vulnerable packages in project environments.

02Automated Remediation: Provides specific code fix templates and technical remediation steps for every finding.

03Web Application Scanning: Analyzes HTTP headers, SSL/TLS certificates, and CORS configurations for misconfigurations.

04Static Code Analysis: Detects hardcoded secrets, SQL injection, and command injection risks using tools like Bandit.

051,613 GitHub stars

06Customizable Scopes: Allows targeting specific vulnerability classes like SSL checks, header analysis, or secret hunting.

使用场景

01Auditing project dependencies to ensure protection against known CVEs in the supply chain.

02Scanning a legacy codebase to identify and remove hardcoded API keys or sensitive credentials.

03Performing a pre-deployment security audit on a new web application or API endpoint.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills performing-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

主要功能

01Dependency Auditing: Wraps npm audit and pip-audit to identify vulnerable packages in project environments.

02Automated Remediation: Provides specific code fix templates and technical remediation steps for every finding.

03Web Application Scanning: Analyzes HTTP headers, SSL/TLS certificates, and CORS configurations for misconfigurations.

04Static Code Analysis: Detects hardcoded secrets, SQL injection, and command injection risks using tools like Bandit.

051,613 GitHub stars

06Customizable Scopes: Allows targeting specific vulnerability classes like SSL checks, header analysis, or secret hunting.

使用场景

01Auditing project dependencies to ensure protection against known CVEs in the supply chain.

02Scanning a legacy codebase to identify and remove hardcoded API keys or sensitive credentials.

03Performing a pre-deployment security audit on a new web application or API endpoint.