Security Vulnerability Scanner
Description
Scans code for common security vulnerabilities including OWASP Top 10 issues. Identifies SQL injection, XSS, CSRF, insecure dependencies, and hardcoded secrets.
Skill Code
Check for:
1. SQL Injection (string concatenation in queries)
2. XSS (unescaped user input in HTML)
3. CSRF (missing tokens)
4. Hardcoded secrets (API keys, passwords)
5. Insecure dependencies (outdated packages)
6. Path traversal (unsanitized file paths)
7. Insecure deserialization
8. Missing authentication/authorization
Usage Examples
User: scan src/ for security issues
Claude: *scans codebase*
Found 4 security issues:
[CRITICAL] src/db.js:23 - Hardcoded database password
[HIGH] src/api/search.js:15 - SQL injection via user input
[MEDIUM] src/views/profile.ejs:8 - XSS vulnerability
[LOW] package.json - [email protected] has known vulnerability
Installation
Add the following to your CLAUDE.md file (project root or ~/.claude/CLAUDE.md for global):
CLAUDE.md
# Security Vulnerability Scanner
Check for:
1. SQL Injection (string concatenation in queries)
2. XSS (unescaped user input in HTML)
3. CSRF (missing tokens)
4. Hardcoded secrets (API keys, passwords)
5. Insecure dependencies (outdated packages)
6. Path traversal (unsanitized file paths)
7. Insecure deserialization
8. Missing authentication/authorization