Does it provide actual code fixes?

Yes, every vulnerability report includes a 'Suggested Fix' section with actionable code snippets to replace the insecure implementation.

Can it find exposed API keys and passwords?

Yes, the skill specifically scans for hardcoded secrets, credentials, and tokens that should be managed via environment variables or secret managers.

What vulnerabilities does the Security Scanner detect?

It detects a wide range of issues including SQL injection, XSS, hardcoded secrets, insecure authentication, missing input validation, CSRF, and path traversal.

How are security issues prioritized?

Issues are categorized into three levels: Must-Fix (critical risks like injection), Should-Fix (high-risk vulnerabilities), and Nice-to-Have (medium-risk improvements).

Security Scanner

Name: Security Scanner
Author: lexicalninja

bylexicalninja

Security & Testing

Scans code for critical security vulnerabilities and generates structured remediation reports with actionable fixes.

About

The Security Scanner skill empowers developers to identify and mitigate common security risks like SQL injection, XSS, and hardcoded secrets directly within their workflow. It performs deep analysis of source code to verify input validation, authentication logic, and dependency safety, providing detailed reports that include exact file paths and severity levels. By offering specific, production-ready remediation steps for every detected issue, it helps teams maintain a high security posture and prevent data breaches before code reaches production.

Key Features

Evaluates authentication, authorization, and input validation
Generates production-ready secure code fixes for every issue
0 GitHub stars
Provides structured reports with file paths and line numbers
Detection of SQL injection, XSS, and CSRF vulnerabilities
Scans for hardcoded API keys, tokens, and credentials

Use Cases

Identifying and fixing security debt within legacy codebases
Automating security audits during the pull request and code review process
Verifying the safety of new API endpoints and database query logic

About

Key Features

Evaluates authentication, authorization, and input validation
Generates production-ready secure code fixes for every issue
0 GitHub stars
Provides structured reports with file paths and line numbers
Detection of SQL injection, XSS, and CSRF vulnerabilities
Scans for hardcoded API keys, tokens, and credentials

Use Cases

Identifying and fixing security debt within legacy codebases
Automating security audits during the pull request and code review process
Verifying the safety of new API endpoints and database query logic