What security standards does this skill follow?

The Security Scanner is primarily based on the OWASP Top 10 framework, covering critical risks like Injection, Broken Access Control, and Sensitive Data Exposure.

Does this replace traditional security tools?

It complements them by integrating tools like Semgrep, Bandit, and Nancy directly into your Claude Code workflow for faster 'shift-left' security feedback.

Can it help fix identified vulnerabilities?

Yes, it provides side-by-side 'Vulnerable vs. Secure' code examples and can suggest specific shell commands like 'npm audit fix' or custom code refactors to resolve issues.

Which programming languages can it scan?

It provides specific workflows and tool integrations for JavaScript/Node.js, Python, and Go, though its security philosophy and manual review patterns apply to most languages.

Security Scanner

Name: Security Scanner
Author: a-ariff

bya-ariff

0•

安全与测试

Scans source code for security vulnerabilities and provides actionable remediation patterns based on industry standards.

Security Scanner is a specialized agent for Claude Code designed to identify critical security flaws and implement secure coding practices throughout the development lifecycle. By combining automated scanning tool integration with deep manual code review patterns, it helps developers detect and fix OWASP Top 10 vulnerabilities like SQL injection, XSS, and broken access control. This skill acts as a security-focused peer reviewer, providing specific code examples for hardening applications, managing secrets, and implementing robust input validation to ensure your software is resilient against modern cyber threats.

主要功能

01Static Analysis (SAST) support using tools like Semgrep and Bandit

020 GitHub stars

03Threat modeling assistance to identify potential attack vectors early

04Secure implementation patterns for authentication and cryptography

05Integrated automated scanning for Node.js, Python, and Go environments

06Detailed remediation guidance for OWASP Top 10 security risks

使用场景

01Hardening API endpoints against injection attacks and broken access control

02Refactoring legacy code to implement modern data sanitization and input validation

03Auditing new feature branches for security regressions before merging

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add a-ariff/ariff-code-config security-scanner

For use in Claude.ai and ChatGPT

Download Skill