← Back to Skills

Security

🌐Community
by parcadei · vlatest · Repository

Identifies and mitigates potential security threats, vulnerabilities, and unauthorized access attempts within digital environments.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add security npx -- -y @trustedskills/security
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill, /security, performs dedicated security audits of code to identify and mitigate potential threats, vulnerabilities, and unauthorized access attempts. It utilizes a two-phase workflow involving aegis for initial scanning and arbiter for verification after fixes are implemented. The focus is on specialized vulnerability patterns, dependency scanning, secret detection, and authentication/authorization review – going beyond general code quality checks.

When to use it

This skill is valuable in the following scenarios:

  • Before handling sensitive data like user information or payment details.
  • After adding security-sensitive features to a codebase.
  • When reviewing authentication code for potential vulnerabilities.
  • To check for injection attacks (SQL, Command, XSS, LDAP).
  • As part of a regular security review process.

Key capabilities

  • Comprehensive Security Scanning: Identifies various vulnerability types including injection attacks, broken authentication, and insecure cryptography.
  • Dependency Scanning: Checks for known vulnerable packages and outdated dependencies.
  • Secret Detection: Identifies hardcoded secrets or credentials within the code.
  • OWASP Top 10 Checks: Performs checks aligned with the OWASP Top 10 security risks.
  • Authentication/Authorization Review: Specifically examines authentication and authorization mechanisms for weaknesses.
  • Verification of Fixes: arbiter verifies implemented fixes and ensures they don't introduce regressions.
  • Scoped Analysis: Allows users to specify the scope of the audit (full codebase, specific area, single file, or dependencies only).

Example prompts

  • /security authentication - Focus security review on authentication-related code.
  • /security src/api/auth.py - Perform a deep dive security audit of src/api/auth.py.
  • /security --deps - Check for vulnerabilities in project dependencies only.

Tips & gotchas

  • The skill is designed for sensitive code and provides more specialized analysis than general code review workflows.
  • After implementing fixes, rerun the skill with the same scope to verify the changes using arbiter.
  • Specify a clear scope (e.g., "the payment processing code") for targeted security audits.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
parcadei
Installs
138
Repository (canonical source) →

🌐 Community

Passed automated security scans.