What tools does the Security skill use for scanning?

The skill utilizes industry-standard tools including Bandit for Python code analysis, Semgrep for pattern matching, and pip-audit or safety for dependency checking.

Is this skill specific to Python projects?

While it includes specific support for Python tools like Bandit and uv, the security principles and checklist items are applicable to a wide range of software projects.

How does it handle secret management?

It provides workflows for encrypting secrets and ensures pre-commit checks are in place to prevent secrets from being pushed to version control.

Does this skill help with OWASP compliance?

Yes, it includes specific considerations and checklists for the OWASP Top 10, covering risks like injection, broken access control, and sensitive data exposure.

Can I use this for GPG and SSH key management?

Absolutely. The skill provides automated workflows to validate your GPG keys, SSH identities, and Git signing configurations.

Security & Compliance Validator

Name: Security & Compliance Validator
Author: williaby

bywilliaby

0•

Security & Testing

Protects applications by automating security audits, vulnerability scanning, and environment compliance checks.

The Security Skill empowers Claude to proactively identify and mitigate risks within your development environment and codebase. It provides a robust framework for validating GPG/SSH keys, scanning for vulnerabilities using tools like Bandit and Semgrep, and auditing dependencies for known security flaws. By integrating OWASP Top 10 considerations directly into the workflow, it helps developers maintain high security standards, manage secrets safely, and ensure that every release meets rigorous compliance requirements.

Key Features

010 GitHub stars

02Secure secret management and encryption workflows

03Automated vulnerability scanning using Bandit and Semgrep

04Comprehensive OWASP Top 10 compliance checklists

05Dependency auditing for known security flaws with pip-audit and safety

06Environment validation for GPG and SSH signing keys

Use Cases

01Scanning Python-based RAG applications for injection risks and sensitive data exposure

02Configuring and verifying Git commit signing and SSH access for secure contributions

03Performing a pre-release security audit to identify and remediate vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add williaby/image-preprocessing-detector security

For use in Claude.ai and ChatGPT

Download Skill