How does it handle the OWASP Top 10?

It provides specific code patterns, detection scripts, and secure alternatives for major vulnerabilities like SQL Injection, XSS, and Broken Access Control.

Can it audit my server configurations?

Yes, it includes checklists for security headers (HSTS, CSP, X-Frame-Options) and common web framework misconfigurations.

Does this skill support multiple programming languages?

Yes, it includes detection patterns and tool configurations for JavaScript, Python, Java, PHP, and Ruby on Rails.

Can it help me find hardcoded secrets?

Yes, it provides methodologies for using tools like Gitleaks and TruffleHog to detect API keys, tokens, and PEM files in your repository.

Vulnerability Detection & Security Audit

Name: Vulnerability Detection & Security Audit
Author: cyperx84

bycyperx84

•

安全与测试

Identifies and remediates security vulnerabilities across application code, dependencies, and infrastructure using systematic assessment methodologies.

This skill transforms Claude into a security expert focused on comprehensive vulnerability detection and risk assessment. It provides a structured framework for auditing applications, covering everything from initial reconnaissance and automated scanning with tools like Semgrep and Snyk to deep manual code reviews based on the OWASP Top 10. Whether you are securing authentication flows, preventing SQL injection, or scanning for hardcoded secrets, this skill provides the specific detection patterns and remediation strategies necessary to harden production environments and prevent exploits.

主要功能

01Secret detection for hardcoded API keys and credentials

02OWASP Top 10 identification including SQLi, XSS, and CSRF

032 GitHub stars

04Static Analysis Security Testing (SAST) integration patterns

05Security configuration auditing for CORS and HSTS headers

06Automated dependency scanning workflows for Node.js and Python

使用场景

01Conducting a comprehensive security audit of a legacy codebase

02Remediating broken access control and insecure direct object references

03Automating security checks within a CI/CD pipeline or PR review

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cyperx84/claude-code-plugin-examples vulnerability-detection

For use in Claude.ai and ChatGPT

主要功能

01Secret detection for hardcoded API keys and credentials

02OWASP Top 10 identification including SQLi, XSS, and CSRF

032 GitHub stars

04Static Analysis Security Testing (SAST) integration patterns

05Security configuration auditing for CORS and HSTS headers

06Automated dependency scanning workflows for Node.js and Python

使用场景

01Conducting a comprehensive security audit of a legacy codebase

02Remediating broken access control and insecure direct object references

03Automating security checks within a CI/CD pipeline or PR review

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cyperx84/claude-code-plugin-examples vulnerability-detection

For use in Claude.ai and ChatGPT