How does the skill minimize false positives?

After an initial grep-based scan, the skill delegates findings to a Security Unified Expert task that validates the context of each finding before including it in the final report.

Can I define custom security rules for the scan?

Yes, you can provide a custom security.md file in your Claude rules directory which the skill will merge with its built-in patterns during execution.

What languages does the Security Scan skill support?

The skill supports a wide range of environments including Python, JavaScript, TypeScript, Go, Java, Ruby, PHP, and configuration files like YAML and JSON.

Does the Security Scan skill modify my source code?

No, the skill is strictly read-only. it analyzes your code and provides recommendations but never makes changes to your files automatically.

Security Scan

Name: Security Scan
Author: eroslifestyle

byeroslifestyle

0•

安全与测试

Performs comprehensive OWASP-style security audits to identify vulnerabilities and provide actionable remediation steps within your codebase.

The Security Scan skill empowers developers to perform deep security analysis directly within their local workflow, scanning for critical vulnerabilities like hardcoded secrets, SQL injection, and XSS across multiple programming languages. By utilizing parallelized pattern matching and intelligent validation, it produces a prioritized report that categorizes findings by severity. This skill is essential for maintaining production-grade security standards, ensuring sensitive data isn't leaked, and providing developers with specific code examples for immediate remediation.

主要功能

01Deep analysis logic to filter false positives and assess severity

02Integration with custom security rules via local markdown configuration

03Prioritized Markdown reporting with actionable code fixes

04Automated project type detection for Python, JS/TS, Go, and more

050 GitHub stars

06Parallel multi-pattern scanning for secrets, SQLi, XSS, and path traversal

使用场景

01Conducting pre-deployment security audits to catch OWASP Top 10 vulnerabilities

02Scanning codebases for accidentally hardcoded API keys and credentials

03Evaluating third-party dependencies and input validation logic for security gaps

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add eroslifestyle/claude-orchestrator-plugin security-scan

For use in Claude.ai and ChatGPT

主要功能

01Deep analysis logic to filter false positives and assess severity

02Integration with custom security rules via local markdown configuration

03Prioritized Markdown reporting with actionable code fixes

04Automated project type detection for Python, JS/TS, Go, and more

050 GitHub stars

06Parallel multi-pattern scanning for secrets, SQLi, XSS, and path traversal

使用场景

01Conducting pre-deployment security audits to catch OWASP Top 10 vulnerabilities

02Scanning codebases for accidentally hardcoded API keys and credentials

03Evaluating third-party dependencies and input validation logic for security gaps

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add eroslifestyle/claude-orchestrator-plugin security-scan

For use in Claude.ai and ChatGPT