What types of cryptographic failures can this skill detect?

This skill detects common vulnerabilities including the use of weak algorithms (MD5/SHA1), hardcoded encryption keys, insecure random number generation (PRNGs), and improper password hashing techniques.

Does this skill require external security scanners?

While it can perform manual code analysis using Grep patterns, it works best when integrated with tools like Semgrep, Bandit, Gosec, or Gitleaks which it can automatically detect and run.

Can it help fix the security issues it finds?

Yes, when a vulnerability is identified, the skill provides a concrete fix including a code diff showing the secure alternative implementation.

How does it map to the OWASP Top 10?

This skill specifically addresses the A02:2021 - Cryptographic Failures category, covering various CWEs related to insufficient entropy and broken encryption.

Crypto Security Auditor

Name: Crypto Security Auditor
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Audits source code for cryptographic vulnerabilities, weak encryption algorithms, and insecure secret management based on OWASP standards.

The Crypto Security Auditor skill provides specialized security analysis for cryptographic implementations within your codebase, mapping directly to OWASP Top 10 A02:2021. It enables Claude to detect critical failures such as hardcoded encryption keys, weak hashing algorithms like MD5 or SHA1, insecure random number generation, and improper TLS configurations. By leveraging industry-standard scanners or performing deep manual data flow analysis, this skill helps developers ensure that sensitive data is protected using modern, secure cryptographic best practices.

Key Features

01Identifies weak or broken hashing algorithms used in security-sensitive contexts.

02Evaluates TLS/SSL configurations, certificate validation, and protocol versions.

03Integrates with specialized security tools including Semgrep, Bandit, Gosec, and Gitleaks.

046 GitHub stars

05Audits password storage logic to ensure the use of secure salts and modern hashing (bcrypt, argon2).

06Detects hardcoded encryption keys, API secrets, and initialization vectors (IVs).

Use Cases

01Migrating legacy cryptographic implementations to modern, secure standards.

02Identifying and remediating hardcoded secrets before a production release.

03Performing a security audit of a new authentication module or payment processing flow.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code crypto

For use in Claude.ai and ChatGPT

Download Skill