Will it help me find hardcoded passwords or API keys?

Yes, one of its primary functions is scanning for sensitive data exposure, including hardcoded secrets, credentials, and insecure data storage.

Does it automatically apply security fixes?

Yes, beyond identification, the skill can suggest and implement specific security improvements and patches directly to your source code.

What common attack vectors does this skill cover?

It specifically checks for SQL injection, Command injection, Cross-Site Scripting (XSS), LDAP injection, and Template injection, among others.

Can this skill identify vulnerabilities in third-party libraries?

Yes, the Security Auditor performs dependency security assessments to identify known vulnerabilities in the external packages and libraries used by your project.

How does the skill prioritize found issues?

Vulnerabilities are categorized into four severity levels: CRITICAL (immediate risk), HIGH (prompt attention needed), MEDIUM (concern to be addressed), and LOW (best practice violations).

Security Auditor

Name: Security Auditor
Author: ZhiruiFeng

byZhiruiFeng

•

Security & Testing

Reviews source code for vulnerabilities and provides actionable remediation steps to harden applications against cyber threats.

The Security Auditor skill transforms Claude into a specialized security agent capable of performing deep-dive code reviews within your development environment. It systematically scans for critical vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and broken authentication patterns while providing severity-rated reports. By automating the identification of insecure configurations and vulnerable dependencies, this skill helps developers implement defensive coding practices and ensure production-grade security throughout the software development lifecycle.

Key Features

01Automated dependency assessment for known security risks

02Comprehensive vulnerability detection for SQLi, XSS, and injection attacks

03Direct implementation of security patches and hardening configurations

04In-depth analysis of authentication and authorization logic

051 GitHub stars

06Severity-based reporting from Critical to Low risk levels

Use Cases

01Securing API endpoints against unauthorized access and sensitive data leakage

02Identifying and removing hardcoded secrets or insecure default configurations

03Conducting a pre-production security audit to identify and fix exploitable code paths

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zhiruifeng/localagentcrew security

For use in Claude.ai and ChatGPT

Download Skill