claude-code-framework/essential/skills/quality/security-scanner/SKILL.md
Scans code for common security vulnerabilities including hardcoded secrets, SQL injection, XSS, and dependency CVEs. Use when user says "check security", "scan for vulnerabilities", "security review", or mentions security concerns.
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf:

```bash
npx skillsauth add tokenized2027/claude-initilization-v7 security-scanner
```
```bash
# Search for common secret patterns. This is noisy: it matches any identifier
# containing these words, so review each hit rather than treating it as a finding.
grep -rn -i "password\|secret\|api_key\|token" . --exclude-dir=node_modules --exclude-dir=.git
# Check for known key prefixes in code (sk-/pk- style keys, Google "AIza" keys)
grep -rn "sk-\|pk-\|AIza" . --exclude-dir=node_modules --exclude-dir=.git
```
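The grep commands above find candidate strings but cannot tell a placeholder from a live credential. The following scanner is an added example and is not code from the claude-code-framework skill: it applies the same prefix checks and then keeps generic `password = "..."` style hits only when the value has high Shannon entropy, so `"changeme"` is dropped while a random-looking key is reported. The rule set, the 3.5-bit threshold, the redaction format and the sample lines are assumptions made for this example; none of the sample values are real credentials.

```javascript
// Added example (not part of the claude-code-framework skill): a small secret
// scanner with entropy filtering. Rules, threshold and samples are assumptions.

const RULES = [
  // High-signal provider formats are reported on sight:
  // AWS access key id (AKIA + 16 chars) and Google API key (AIza + 35 chars).
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g, minEntropy: 0 },
  { name: 'google-api-key', re: /\bAIza[0-9A-Za-z_-]{35}\b/g, minEntropy: 0 },
  { name: 'sk-prefixed-key', re: /\bsk-[0-9A-Za-z_-]{20,}\b/g, minEntropy: 0 },
  // Generic assignment of a quoted literal; capture group 1 is the value.
  // Kept only when the value looks random (entropy >= 3.5 bits/char).
  {
    name: 'generic-assignment',
    re: /\b(?:password|secret|api_key|token)\s*[:=]\s*['"]([^'"]{8,})['"]/gi,
    minEntropy: 3.5,
  },
];

// Shannon entropy in bits per character. Dictionary words score around 2-3,
// random alphanumeric keys well above 3.5.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Never echo the full secret into scanner output; a short prefix is enough
// to locate it in the file.
function redact(value) {
  return value.slice(0, 4) + '...';
}

// Scans text line by line. Each distinct value on a line is reported once,
// under the first rule that matched it, with a 1-based line number.
function scanText(text) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    const seen = new Set();
    for (const rule of RULES) {
      for (const m of line.matchAll(rule.re)) {
        const value = m[1] ?? m[0];
        if (seen.has(value)) continue;
        if (shannonEntropy(value) < rule.minEntropy) continue;
        seen.add(value);
        findings.push({ line: idx + 1, rule: rule.name, value: redact(value) });
      }
    }
  });
  return findings;
}

// Constructed sample input for this example; no real credentials.
const SAMPLE = [
  'const password = "changeme";',                            // low entropy: skipped
  'const API_KEY = "AIzaSyD9x3Kq7Lm2Np8Rt4Vw6Yz1Bc5Ef0Hj3Gk";', // Google-style key
  'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',                // AWS-documented example id
  'OPENAI_API_KEY=sk-proj-aB3dE5fG7hI9jK1lM3nO5pQ7rS9tU1vW', // sk- prefixed key
  'token = "x8K2p9Lq3Rm7Wn4Zv6Ty1Bs5Hd0Jf"',                  // generic, high entropy
  'const token = getToken(); // not a literal, nothing to flag',
].join('\n');

console.log(scanText(SAMPLE));
```

Run it with `node` on the sample, or replace `SAMPLE` with the contents of a file you want to check. The entropy filter is a trade-off: it removes obvious placeholders but will also hide a weak real password, so keep the raw grep for a manual pass when the stakes are high.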
```javascript
// ❌ Vulnerable - user input is spliced into the SQL text
db.query(`SELECT * FROM users WHERE id = ${userId}`)
// ✅ Safe - Use parameterized queries; the driver sends the value separately
// (placeholder syntax is driver-specific: "?" for mysql/sqlite, "$1" for pg)
db.query('SELECT * FROM users WHERE id = ?', [userId])
```
```jsx
// ❌ Vulnerable - raw HTML from the user is inserted into the DOM
<div dangerouslySetInnerHTML={{__html: userInput}} />
// ✅ Safe - Sanitize first (and only use dangerouslySetInnerHTML when HTML is
// actually required; plain {userInput} is escaped by React and needs no sanitizer)
import DOMPurify from 'dompurify'
<div dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(userInput)}} />
```
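The two vulnerable patterns above (interpolated SQL and unsanitized `__html`) are what a code scanner actually has to recognise. As an added example that is not part of the claude-code-framework skill, here is a line-based static check that flags both, plus the string-concatenation variant of the SQL problem that the skill does not show. The method names it watches, the regexes and the constructed sample source are assumptions made for this example.

```javascript
// Added example (not part of the claude-code-framework skill): a static check
// for the SQL injection and XSS patterns shown in this skill. Method names,
// regexes and sample source are assumptions made for this example.

const CHECKS = [
  {
    name: 'sql-template-interpolation',
    // .query(`... ${ ...`): user data spliced into the SQL text
    re: /\.(?:query|execute|raw)\s*\(\s*`[^`]*\$\{/,
    isVulnerable: () => true,
    advice: 'use a placeholder and pass the value in the parameter array',
  },
  {
    name: 'sql-string-concatenation',
    // .query("..." + ...): same problem with + instead of a template literal;
    // (?:(?!\1).)* consumes the quoted string even if it contains the other quote.
    re: /\.(?:query|execute|raw)\s*\(\s*(['"])(?:(?!\1).)*\1\s*\+/,
    isVulnerable: () => true,
    advice: 'use a placeholder and pass the value in the parameter array',
  },
  {
    name: 'unsanitized-inner-html',
    // Capture the __html expression and require it to be wrapped in DOMPurify.sanitize(.
    re: /dangerouslySetInnerHTML\s*=\s*\{\{\s*__html\s*:\s*([^}]+)\}\}/,
    isVulnerable: (m) => !m[1].trim().startsWith('DOMPurify.sanitize('),
    advice: 'render as text, or sanitize with DOMPurify.sanitize() first',
  },
];

// Returns one finding per matching line, with a 1-based line number.
// Regexes are non-global, so exec() is stateless across lines.
function scanSource(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    for (const check of CHECKS) {
      const m = check.re.exec(line);
      if (m && check.isVulnerable(m)) {
        findings.push({ line: idx + 1, rule: check.name, advice: check.advice, snippet: line.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample: the vulnerable and safe snippets from this skill, plus a
// concatenation variant. Lines 2 and 5 are the safe forms and must stay clean.
const SAMPLE_SOURCE = [
  'db.query(`SELECT * FROM users WHERE id = ${userId}`)',
  "db.query('SELECT * FROM users WHERE id = ?', [userId])",
  'db.query("SELECT * FROM users WHERE name = \'" + name + "\'")',
  '<div dangerouslySetInnerHTML={{__html: userInput}} />',
  '<div dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(userInput)}} />',
].join('\n');

console.log(scanSource(SAMPLE_SOURCE));
```

This is a heuristic, line-local check: it misses a query string built on one line and passed to `db.query()` on another, and it trusts any call that starts with `DOMPurify.sanitize(` even if the sanitizer is configured to allow dangerous tags. Treat its output as a review list, not a verdict.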
```bash
# Check dependencies for known vulnerabilities (reads package-lock.json)
npm audit
# Apply fixes that stay within the declared semver ranges; findings that need a
# major upgrade are left in place (npm audit fix --force installs those too,
# which can break the build, so review before using it)
npm audit fix
# Check for secrets with secretlint across the whole tree
npx secretlint "**/*"
```
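`npm audit` exits non-zero on any finding and prints a wall of text, so in CI the useful questions are which findings are above your threshold and whether `npm audit fix` can actually clear them. The gate below is an added example and is not code from the claude-code-framework skill: it reads the structure that `npm audit --json` prints (`auditReportVersion` 2, npm 7 and later) and reports, per package, the severity and whether the available fix is semver-safe, semver-major, or absent. The report object here is constructed for the example; its package names are invented and correspond to no real advisory, and the severity ranking is an assumption.

```javascript
// Added example (not part of the claude-code-framework skill): a CI gate over
// `npm audit --json` output. The REPORT object is constructed; package names are
// invented and the severity ranking is an assumption made for this example.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// npm reports fixAvailable as true (a compatible update exists), false (no fix),
// or an object naming the dependency and version to move to; isSemVerMajor on
// that object means `npm audit fix` will skip it and `--force` would be needed.
function fixKind(fixAvailable) {
  if (fixAvailable === true) return 'safe';
  if (fixAvailable && typeof fixAvailable === 'object') {
    return fixAvailable.isSemVerMajor ? 'breaking' : 'safe';
  }
  return 'none';
}

// Returns every vulnerability at or above minSeverity, worst first, and a
// pass flag the CI job can turn into an exit code.
function auditGate(report, minSeverity) {
  const min = SEVERITY_RANK[minSeverity];
  if (min === undefined) throw new Error('unknown severity: ' + minSeverity);
  const blocking = Object.values(report.vulnerabilities || {})
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      fix: fixKind(v.fixAvailable),
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
  return { pass: blocking.length === 0, blocking };
}

// Constructed report in the shape of `npm audit --json`; fields this gate does
// not read (via, effects, range, nodes) are omitted. Names are invented.
const REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: true, fixAvailable: true,
    },
    'example-transitive': {
      name: 'example-transitive', severity: 'critical', isDirect: false,
      fixAvailable: { name: 'example-framework', version: '5.0.0', isSemVerMajor: true },
    },
    'example-logger': {
      name: 'example-logger', severity: 'low', isDirect: true, fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

console.log(JSON.stringify(auditGate(REPORT, 'high'), null, 2));
```

In a pipeline, run `npm audit --json > audit.json` (the command still exits non-zero, so append `|| true`), parse the file with `JSON.parse`, and fail the job when `pass` is false. The threshold part alone is also available natively as `npm audit --audit-level=high`; the value of the gate is the `fix` column, which tells you up front that `example-transitive` will survive a plain `npm audit fix` because its only fix is a major upgrade of a parent dependency.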