Does this skill provide fixes for the security issues it finds?

Yes, for every detected pattern, the skill provides a detailed explanation of the risk and a code example of a safe alternative to implement.

Which programming languages and environments are supported?

It provides specific security patterns for JavaScript, TypeScript, Python, and YAML, with specialized checks for GitHub Actions and common web frameworks.

Is this skill a replacement for a professional security audit?

No. While it is highly effective at catching common developer mistakes during the coding process, it should be used as one layer of a defense-in-depth strategy that includes manual audits and penetration testing.

How does the Security Pattern Detector identify risks?

The skill monitors file edits in real-time, matching code against a comprehensive database of dangerous patterns including unsafe eval calls, unsanitized input in SQL, and risky DOM manipulations.

Security Pattern Detector

Name: Security Pattern Detector
Author: anton-abyzov

byanton-abyzov

•

Security & Testing

Identifies and prevents dangerous coding patterns in real-time to ensure application security during the development process.

The security-patterns skill acts as a proactive security auditor within Claude Code, scanning your codebase for critical vulnerabilities like SQL injection, XSS, and command injection as you write. Based on Anthropic's official security guidance, it provides instant warnings and suggests safe code alternatives before dangerous patterns are ever committed to your repository. This skill is essential for teams building production-grade software who need to maintain high security standards and adhere to OWASP best practices without sacrificing development velocity.

Key Features

01Real-time detection of SQL injection and Cross-Site Scripting (XSS) vulnerabilities

02Actionable remediation advice with safe code snippets for every detected risk

03Automatic integration with the Specweave autonomous development framework

0423 GitHub stars

05Identification of unsafe deserialization and dangerous dynamic code execution

06Proactive warnings for command injection in Node.js, Python, and GitHub Actions

Use Cases

01Automating security linting for GitHub Actions workflows and CI/CD configuration files

02Conducting security-focused code reviews and audits on legacy codebases

03Preventing common security vulnerabilities during rapid feature development and prototyping

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add anton-abyzov/specweave security-patterns

For use in Claude.ai and ChatGPT

Download Skill