Does this skill perform live penetration testing?

No, this skill performs Static Application Security Testing (SAST) by analyzing the source code. While it identifies many vulnerabilities, it should be complemented with DAST (dynamic testing) for full coverage.

How does the skill handle vulnerability prioritization?

Findings are categorized into Critical, High, Medium, and Low priorities based on exploitability and potential impact, including a detailed remediation plan with time estimates.

Which frameworks are best supported by the PHP Security Auditor?

The skill is specifically optimized for Laravel, Kirby CMS, Livewire, Blade templates, and vanilla PHP environments.

Can it detect vulnerabilities in third-party packages?

Yes, it inspects your composer.json file to identify outdated dependencies and known CVEs associated with the libraries your project uses.

PHP Security Auditor

Name: PHP Security Auditor
Author: benjaminhaeberli

bybenjaminhaeberli

0•

Security & Testing

Analyzes PHP codebases and frameworks to identify security vulnerabilities and ensure compliance with OWASP standards.

The PHP Security Auditor skill enables Claude to conduct professional-grade static security audits on PHP applications. It is specifically optimized for modern frameworks like Laravel, Kirby CMS, and Livewire, as well as vanilla PHP projects. By scanning for OWASP Top 10 vulnerabilities—including SQL injection, XSS, and CSRF—the skill identifies critical risks such as hardcoded secrets, insecure file uploads, and misconfigured middleware. It concludes each audit with a comprehensive Markdown report featuring a global security score and a prioritized, time-estimated action plan for remediation.

Key Features

010 GitHub stars

02Comprehensive OWASP Top 10 (2021) compliance auditing

03Detection of SQL injection, XSS, CSRF, and mass assignment risks

04Deep analysis for Laravel, Kirby CMS, Livewire, and Blade patterns

05Generation of structured security reports with prioritized action plans

06Identification of dangerous PHP functions and hardcoded secrets

Use Cases

01Validating Kirby CMS configurations and content API exposure risks

02Auditing legacy PHP codebases for insecure functions and outdated dependencies

03Performing a pre-deployment security review for a Laravel web application

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add benjaminhaeberli/claude-plugins php-security-audit

For use in Claude.ai and ChatGPT

Download Skill