What tools does this Python security skill use?

This skill utilizes industry-standard tools including Bandit for static analysis, pip-audit for dependency checking, and detect-secrets for finding hardcoded credentials.

How does it assist with CI/CD integration?

It provides pre-configured YAML snippets and command-line instructions to integrate security scanning directly into GitHub Actions or other automated pipelines.

Can this skill help prevent SQL injection?

Yes, it specifically identifies patterns prone to SQL injection and provides secure, parameterized query alternatives to mitigate the risk.

Is this skill useful for remediation?

Beyond detection, the skill provides specific 'Secure Patterns' and code examples to help developers replace insecure code with robust, safe implementations.

Does it support scanning for vulnerable dependencies?

Yes, it uses pip-audit to check your project's requirements against known vulnerability databases and offers guidance on how to fix them.

Python Security Auditor

Name: Python Security Auditor
Author: wdm0006

bywdm0006

0•

Security & Testing

Audits Python codebases for security vulnerabilities, hardcoded secrets, and dependency risks using industry-standard tools and secure coding patterns.

The Python Security Auditor skill provides a comprehensive framework for identifying and mitigating security risks in Python applications. By leveraging powerful tools like Bandit, pip-audit, Semgrep, and detect-secrets, it helps developers perform deep static analysis, scan for vulnerable dependencies, and uncover hardcoded credentials. It is an essential companion for developers looking to harden their applications, prepare for security reviews, or implement automated security gates within CI/CD pipelines to prevent common exploits like SQL injection and path traversal.

Key Features

010 GitHub stars

02Automated detection of hardcoded secrets and API keys

03Guidance on secure coding patterns for SQL, shells, and cryptography

04Ready-to-use CI/CD integration configurations for automated scanning

05Static application security testing (SAST) with Bandit and Semgrep

06Dependency vulnerability scanning using pip-audit

Use Cases

01Implementing automated security linting in GitHub Actions or other CI pipelines

02Conducting a comprehensive security audit of existing Python libraries or applications

03Identifying and remediating OWASP Top 10 vulnerabilities in Python code

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add wdm0006/python-skills security-audit

For use in Claude.ai and ChatGPT

Download Skill