Security Scanner

Comprehensive security analysis for your codebase — detect vulnerabilities, audit dependencies, and enforce security best practices before they reach production.

Features

• Dependency Vulnerability Scan — Checks all packages against CVE databases with severity scoring
• Secret Detection — Finds hardcoded API keys, tokens, and credentials across your entire repo
• OWASP Top 10 Audit — Scans for injection, XSS, CSRF, and other common web vulnerabilities
• Supply Chain Analysis — Evaluates transitive dependency risks and license compliance
• Fix Recommendations — Provides actionable remediation steps with code patches

Quick Start

claude skill install security-scanner

Usage

# Run a full security audit on the current project
/security-scanner audit

# Scan for hardcoded secrets only
/security-scanner secrets --path ./src

How It Works

Performs static analysis on source code and dependency manifests to identify known vulnerabilities and insecure patterns. Cross-references findings with CVE databases and generates prioritized reports. Each finding includes a severity rating, affected code location, and suggested fix.

Compatibility

Works with Claude Code, Codex, Gemini CLI, Cursor, Windsurf, and Aider.