How does it handle Python dependency security?

It utilizes industry-standard tools like pip-audit and safety check to scan your environment for packages with known security vulnerabilities.

What types of secrets can this skill detect?

The skill scans for a wide range of sensitive data including API keys, AWS credentials, database passwords, and private keys like .pem or .key files.

When should I run a security scan?

It is best practice to run the scan before every commit, during peer code reviews, and as part of a pre-release security audit.

Can this skill help prevent SQL injection?

Yes, it identifies unsafe string concatenation in database queries and suggests secure, parameterized alternatives to prevent injection attacks.

Quality Security Scan

Name: Quality Security Scan
Author: mvillmow

bymvillmow

•

Security & Testing

Identifies security vulnerabilities, hardcoded secrets, and unsafe coding patterns to ensure code integrity and prevent data leaks.

The Quality Security Scan skill empowers Claude to perform comprehensive security audits within your development environment. It specializes in detecting exposed secrets like API keys and private keys, identifying vulnerable Python dependencies via pip-audit, and flagging risky code patterns such as SQL injection or path traversal vulnerabilities. By integrating automated scripts and best practice guidance, this skill helps developers maintain a rigorous security posture, ensuring that sensitive data remains protected and codebases comply with modern security standards before every commit.

Key Features

01Identification of unsafe code patterns including SQL injection and path traversal

02Guidance on refactoring hardcoded credentials into secure environment variables

0312 GitHub stars

04Dependency vulnerability scanning using pip-audit and safety check

05Automated secret detection for API keys, AWS credentials, and private keys

06Validation of .gitignore configurations to prevent accidental sensitive file commits

Use Cases

01Auditing legacy codebases for hardcoded credentials and unvalidated user inputs

02Reviewing third-party Python dependencies for known security vulnerabilities

03Performing a comprehensive security audit before committing sensitive code to a repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mvillmow/projectodyssey quality-security-scan

For use in Claude.ai and ChatGPT

Download Skill