Security Review 2

🌐 Community
by zackkorman · vlatest · Repository

Helps with security and code review as part of implementing security and authentication workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add security-review-2 npx -- -y @trustedskills/security-review-2

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "security-review-2": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security-review-2"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enables AI agents to perform comprehensive security reviews of codebases, configurations, and infrastructure. It identifies vulnerabilities, misconfigurations, and potential attack vectors to ensure robust system protection.

When to use it

  • Before deploying new applications or microservices to production environments.
  • During the integration phase when adding third-party libraries or dependencies.
  • To audit cloud infrastructure setups for compliance with security best practices.
  • When preparing code for open-source publication to mitigate external risks.

Key capabilities

  • Scans source code for Common Vulnerabilities and Exposures (CVEs).
  • Analyzes configuration files for insecure settings or exposed secrets.
  • Evaluates dependency chains for known malicious packages.
  • Generates detailed reports with remediation steps for identified issues.

Example prompts

  • "Review the attached Python application code for SQL injection vulnerabilities."
  • "Scan this Docker Compose file for security misconfigurations and hardcoded credentials."
  • "Audit the provided NPM package dependencies to identify any known exploits."

Tips & gotchas

Ensure the AI agent has access to all relevant files, including hidden configuration directories. While powerful, the tool may produce false positives; always verify findings against your specific threat model before applying fixes.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

Version: vlatest
License:
Author: zackkorman
Installs: 109

Passed automated security scans.