intent-solutions-io/performing-security-code-review
010-archive/backups-20251108/skill-structure-cleanup-20251108-073936/plugins/examples/security-agent/skills/security-agent/SKILL.md
This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS, authentication flaws, and insecure dependencies. Claude uses this skill when the user explicitly requests a security audit, asks for a code review with a focus on security, or mentions security concerns related to code. The security-agent plugin then provides structured security findings with severity ratings, code locations, impact assessments, and remediation guidance.
$ install --global
skillsauthnpx skillsauth add intent-solutions-io/plugins-nixtla performing-security-code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 3, 2026, 6:12 AM256.9s4 files scanned
SKILL.md
- name:
- performing-security-code-review
- description:
- |
- allowed-tools:
- Read, Write, Edit, Grep, Glob, Bash
- version:
- 1.0.0
Overview
This skill empowers Claude to act as a security expert, identifying and explaining potential vulnerabilities within code. It leverages the security-agent plugin to provide detailed security analysis, helping developers improve the security posture of their applications.
How It Works
- Receiving Request: Claude identifies a user's request for a security review or audit of code.
- Activating Security Agent: Claude invokes the security-agent plugin to analyze the provided code.
- Generating Security Report: The security-agent produces a structured report detailing identified vulnerabilities, their severity, affected code locations, and recommended remediation steps.
When to Use This Skill
This skill activates when you need to:
- Review code for security vulnerabilities.
- Perform a security audit of a codebase.
- Identify potential security risks in a software application.
Examples
Example 1: Identifying SQL Injection Vulnerability
User request: "Please review this database query code for SQL injection vulnerabilities."
The skill will:
- Activate the security-agent plugin to analyze the database query code.
- Generate a report identifying potential SQL injection vulnerabilities, including the vulnerable code snippet, its severity, and suggested remediation, such as using parameterized queries.
Example 2: Checking for Insecure Dependencies
User request: "Can you check this project's dependencies for known security vulnerabilities?"
The skill will:
- Utilize the security-agent plugin to scan the project's dependencies against known vulnerability databases.
- Produce a report listing any vulnerable dependencies, their Common Vulnerabilities and Exposures (CVE) identifiers, and recommendations for updating to secure versions.
Best Practices
- Specificity: Provide the exact code or project you want reviewed.
- Context: Clearly state the security concerns you have regarding the code.
- Iteration: Use the findings to address vulnerabilities and request further reviews.
Integration
This skill integrates with Claude's code understanding capabilities and leverages the security-agent plugin to provide specialized security analysis. It can be used in conjunction with other code analysis tools to provide a comprehensive assessment of code quality and security.
Related Skills
intent-solutions-io/managing-test-environments
testing
VerifiedTrustedCommunity
This skill enables Claude to manage isolated test environments using Docker Compose, Testcontainers, and environment variables. It is used to create consistent, reproducible testing environments for software projects. Claude should use this skill when the user needs to set up a test environment with specific configurations, manage Docker Compose files for test infrastructure, set up programmatic container management with Testcontainers, manage environment variables for tests, or ensure cleanup after tests. Trigger terms include "test environment", "docker compose", "testcontainers", "environment variables", "isolated environment", "env-setup", and "test setup".
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/generating-test-doubles
tools
VerifiedTrustedCommunity
This skill uses the test-doubles-generator plugin to automatically create mocks, stubs, spies, and fakes for unit testing. It analyzes dependencies in the code and generates appropriate test doubles based on the chosen testing framework, such as Jest, Sinon, or others. Use this skill when you need to generate test doubles, mocks, stubs, spies, or fakes to isolate units of code during testing. Trigger this skill by requesting test double generation or using the `/gen-doubles` or `/gd` command.
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/generating-test-data
tools
VerifiedTrustedCommunity
This skill enables Claude to generate realistic test data for software development. It uses the test-data-generator plugin to create users, products, orders, and custom schemas for comprehensive testing. Use this skill when you need to populate databases, simulate user behavior, or create fixtures for automated tests. Trigger phrases include "generate test data", "create fake users", "populate database", "generate product data", "create test orders", or "generate data based on schema". This skill is especially useful for populating testing environments or creating sample data for demonstrations.
6SKILL.mdUpdated Jun 5, 2026
intent-solutions-io/analyzing-test-coverage
development
VerifiedTrustedCommunity
This skill analyzes code coverage metrics to identify untested code and generate comprehensive coverage reports. It is triggered when the user requests analysis of code coverage, identification of coverage gaps, or generation of coverage reports. The skill is best used to improve code quality by ensuring adequate test coverage and identifying areas for improvement. Use trigger terms like "analyze coverage", "code coverage report", "untested code", or the shortcut "cov".
6SKILL.mdUpdated Jun 5, 2026