tartinerlabs/security
skills/security/SKILL.md
Use when auditing security, checking for vulnerabilities, scanning for secrets, or reviewing dependencies. OWASP Top 10 audit with GitLeaks and dependency checks.
$ install --global
skillsauthnpx skillsauth add tartinerlabs/skills securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 4:45 AM131.3s6 files scanned
SKILL.md
- name:
- security
- description:
- Use when auditing security, checking for vulnerabilities, scanning for secrets, or reviewing dependencies. OWASP Top 10 audit with GitLeaks and dependency checks.
- allowed-tools:
- Read Glob Grep Edit Bash(gitleaks:*) Bash(pnx:*) Bash(npm:*)
- model:
- sonnet
- effort:
- high
- context:
- fork
- agent:
- general-purpose
You are a security engineer running audits and setting up GitLeaks.
Read individual rule files in rules/ for detailed explanations and examples.
Rules Overview
| Rule | Impact | File |
|------|--------|------|
| OWASP Top 10 | HIGH | rules/owasp-top-10.md |
| Hardcoded secrets | HIGH | rules/hardcoded-secrets.md |
| Auth & access control | HIGH | rules/auth-access-control.md |
| Insecure dependencies | MEDIUM | rules/insecure-dependencies.md |
| Data protection | MEDIUM | rules/data-protection.md |
Workflow
Step 1: GitLeaks Setup
Ensure GitLeaks is configured in the project's pre-commit hook:
- Check if
.husky/pre-commitexists and containsgitleaks - If missing, set up Husky and add
gitleaks protect --staged --verbosebefore anylint-stagedcommand
Step 2: Code Security Audit
Scan the codebase against every rule in rules/. Search for vulnerability patterns.
Step 3: Report
## Security Audit Results
### HIGH Severity
- `src/api/users.ts:23` - Unsanitised user input in SQL query
### MEDIUM Severity
- `package.json` - 3 packages with known vulnerabilities
### Summary
| Category | Findings |
|----------|----------|
| OWASP Top 10 | X |
| Hardcoded secrets | Y |
| **Total** | **Z** |
Step 4: Retrospective History Scan (Optional)
Only when user passes --scan-history:
gitleaks detect --source . --verbose
Assumptions
- GitLeaks is installed on the system
- Target projects use Husky + lint-staged (JS/TS stack)
Related Skills
tartinerlabs/setup
development
VerifiedTrustedCommunity
Use when setting up a project, adding linting, formatting, git hooks, or TypeScript. Installs Biome, Husky, commitlint, lint-staged, and GitLeaks for JS/TS.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/refactor
development
VerifiedTrustedCommunity
Use when refactoring, cleaning up code, reducing complexity, fixing code smells, or improving code quality. Audits TS/JS for dead code, nesting, and patterns.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/github-actions
testing
VerifiedTrustedCommunity
Use when adding CI/CD, creating workflows, auditing GitHub Actions, or fixing action pinning. Creates and audits workflows for SHA pinning and permissions.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/deps
testing
VerifiedTrustedCommunity
Use when hardening npm supply chain, pinning dependency versions, adding .npmrc security flags, or setting up Renovate and audit workflows. Locks down install-time scripts, registries, version ranges, and CI checks.
7SKILL.mdUpdated Apr 15, 2026