← Back to Skills

Security Guardian

🌐Community
by caomeiyouren · vlatest · Repository

Proactively identifies and mitigates potential security threats using real-time analysis and automated response actions.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add security-guardian npx -- -y @trustedskills/security-guardian
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "security-guardian": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security-guardian"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The Security Guardian skill proactively identifies and mitigates potential security threats through real-time analysis and automated response actions. It focuses on detecting vulnerabilities like hardcoded secrets (API keys, tokens, passwords), SQL injection and XSS risks, authorization bypasses, and insecure dependencies within package.json files. This skill is designed to help ensure the security of server-side code and APIs.

When to use it

  • When making changes to servers or APIs, particularly when modifying server/utils/permission.ts.
  • Before deploying applications with sensitive data handling capabilities.
  • During audits of login logic or other critical operations.
  • For reviewing code that involves deletion or updates of sensitive data.
  • To proactively identify and address potential security vulnerabilities in dependencies.

Key capabilities

  • Secrets Scanning: Detects hardcoded API keys, tokens, and passwords.
  • Injection Detection: Identifies SQL injection and XSS risks.
  • Authorization Check: Verifies proper session and role validation for APIs.
  • Dependency Audit: Checks package.json files for insecure packages.
  • Double Auditing: Requires a second review for deletion or sensitive data update operations.

Example prompts

  • "Review this login logic." (The skill will check for secure hashing, rate limiting, and password logging.)
  • "Scan the codebase for hardcoded API keys."
  • "Audit package.json for vulnerable dependencies."

Tips & gotchas

  • For server/API changes, it's mandatory to check calls within server/utils/permission.ts.
  • If the skill is uncertain about a code segment’s security, it will report this so that a human can manually verify.
  • This skill focuses on identifying potential vulnerabilities; manual verification and remediation are often required.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
caomeiyouren
Installs
30
Repository (canonical source) →

🌐 Community

Passed automated security scans.