Which programming languages does this skill support?

This skill currently provides specialized security guidance for Python, JavaScript/TypeScript, and Go.

Does it automatically change my code?

No, it suggests fixes for identified vulnerabilities and asks for your permission before applying them to ensure no functional regressions occur.

Where does the skill save its security reports?

By default, it generates a markdown file named 'security_best_practices_report.md' in your project directory, unless you specify a different location.

How do I trigger a security review?

The skill triggers when you explicitly request a security review, a vulnerability report, or guidance on secure-by-default coding.

Security Best Practices Reviewer

Name: Security Best Practices Reviewer
Author: plurigrid

byplurigrid

•

Security & Testing

Performs language-specific security reviews and provides actionable improvements for Python, JavaScript, and Go projects.

This skill empowers Claude to act as a security auditor by analyzing project frameworks and languages against a curated set of security best practices. It can be used to write secure-by-default code from scratch, passively identify critical vulnerabilities during development, or generate comprehensive, prioritized security reports with clear severity ratings and line-number references. It covers both frontend and backend architectures, offering specific guidance for popular frameworks while providing general security advice for common pitfalls like ID generation and TLS configuration.

Key Features

01Generation of detailed, prioritized security reports with impact statements

02Passive vulnerability detection during the active development workflow

03Guidance on secure resource identification and production-ready TLS patterns

04Framework-specific security audits for Python, JS/TS, and Go

05Automated security fixes with concise explanations of associated risks

068 GitHub stars

Use Cases

01Generating a structured security compliance report for project stakeholders

02Auditing a legacy codebase for common vulnerabilities before a production release

03Bootstrapping a new web project using secure-by-default coding patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi security-best-practices

For use in Claude.ai and ChatGPT

Download Skill