- Home
- Skills
- Kjgarza
- Marketplace Claude
- Security Pattern Check
security-pattern-check_skill
- Python
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill kjgarza/marketplace-claude --skill security-pattern-check- SKILL.md14.7 KB
Overview
This skill identifies security vulnerabilities and common anti-patterns in code and configuration, then explains impact and prioritized fixes a senior developer would expect. It focuses on injection, auth/authz, sensitive-data exposure, XSS/CSRF, cryptography, dependency risks, file handling, and API misconfigurations. The goal is actionable, prioritized guidance with concrete remediation steps.
How this skill works
It scans code for input entry points, traces data flow, and checks validation, auth checks, crypto usage, and dependency versions. For each finding it assigns a risk score, explains exploit scenarios, provides secure code examples, and lists remediation effort and references. It can run proactively during development or be invoked when security-sensitive files or operations are changed.
When to use it
- When you mention security, vulnerability, or safety concerns
- When code accepts user input or parses external data
- When working with authentication, authorization, or session handling
- When handling sensitive data (passwords, PII, financial data)
- When code includes SQL/NoSQL queries, file operations, XML parsing, or external command calls
- Before merging changes to auth/payment/data-access related files
Best practices
- Treat all external input as untrusted; validate and sanitize server-side
- Use parameterized queries / prepared statements for all DB access
- Hash passwords with a modern algorithm (bcrypt, Argon2) and never store plaintext
- Centralize secret management using env vars or a secrets manager; rotate keys regularly
- Enforce least privilege with explicit authorization checks and rate limiting
- Keep dependencies up to date and monitor for CVEs with automated tooling
Example use cases
- Scan a login endpoint for SQL injection, insecure password handling, and missing rate limits
- Review an API that returns user data to detect excessive data exposure and missing auth checks
- Audit file upload or file-read code for path traversal and insufficient validation
- Evaluate configuration for missing security headers, TLS enforcement, or debug mode in prod
- Check CI/infra for hardcoded secrets and unpinned or vulnerable dependencies
FAQ
Primary support targets common server-side languages (Python, Node.js, Java) and web frameworks; if language details are missing it returns generic security guidance and requests more context.
How are vulnerabilities prioritized?
Findings are scored using severity bands (critical/high/medium/low) based on exploitability and impact, with remediation effort and suggested immediate actions.