Does it scan for exposed secrets?

Yes, it identifies exposed .env files and potential hardcoded secrets, flagging them for rotation without logging the actual sensitive values.

What is the TDD validation feature?

For every vulnerability, the skill generates three tests: one to prove the vulnerability exists, one to verify the remediation logic, and one to confirm the issue is resolved.

Can it fix the vulnerabilities it finds?

Yes, it generates actual code patches, version bump commands, and configuration fixes rather than just providing general recommendations.

What types of reports are generated?

It produces two distinct reports: a detailed technical report for developers and a high-level executive summary for project stakeholders.

How does this skill detect vulnerabilities?

It scans manifest files, container definitions, and IaC templates, then cross-references findings with live security databases like OSV.dev, CISA KEV, and NVD.

Security Analyzer

Name: Security Analyzer
Author: Cornjebus

byCornjebus

•

Security & Testing

Performs deep security vulnerability scans and provides automated, test-driven remediation plans for dependencies and infrastructure.

The Security Analyzer skill empowers Claude to identify and mitigate vulnerabilities across your entire stack, from package dependencies and secrets exposure to container configurations and Infrastructure as Code (IaC). By integrating real-time threat intelligence from OSV.dev and CISA KEV, it calculates sophisticated risk scores and moves beyond mere reporting by generating actual code patches accompanied by Test-Driven Development (TDD) validation tests to ensure every security fix is effective and production-ready.

Key Features

01IaC and container security analysis for Terraform, CloudFormation, and Docker

02TDD validation scripts for verifying vulnerabilities and their fixes

03Real-time CVE data integration from OSV.dev and CISA KEV

04Full-stack dependency scanning for npm, pip, go, cargo, and gem

053 GitHub stars

06Automated risk scoring based on exploitability, exposure, and criticality

Use Cases

01Hardening cloud infrastructure configurations against common security misalignments

02Performing a comprehensive pre-deployment security audit on microservices

03Identifying and patching zero-day vulnerabilities in open-source libraries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cornjebus/security-analyzer security-analyzer

For use in Claude.ai and ChatGPT

Download Skill