Security

🌐 Community
by tartinerlabs · vlatest · Repository

Identifies and remediates potential vulnerabilities in code and infrastructure using advanced static analysis and threat modeling.

Install on your platform

1. Run in terminal (recommended)

terminal
claude mcp add tartinerlabs-security npx -- -y @trustedskills/tartinerlabs-security

2. Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "tartinerlabs-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/tartinerlabs-security"
      ]
    }
  }
}

Requires Claude Code (the claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enables an AI agent to perform security audits and identify potential vulnerabilities in code and infrastructure using GitLeaks, a static analysis tool for detecting secrets. It scans codebases against predefined rules covering areas such as OWASP Top 10 vulnerabilities, hardcoded secrets, authentication issues, insecure dependencies, and data protection concerns. The skill also provides guidance on setting up GitLeaks in a project's pre-commit workflow.

When to use it

  • When performing regular security audits of code repositories.
  • To identify and remediate potential vulnerabilities before deployment.
  • During development to catch security issues early in the process.
  • To ensure compliance with security best practices by scanning for hardcoded secrets or insecure dependencies.

Key capabilities

  • Static Analysis: Scans codebase using predefined rules.
  • Vulnerability Identification: Detects patterns related to OWASP Top 10, hardcoded secrets, authentication issues, insecure dependencies, and data protection concerns.
  • GitLeaks Setup Guidance: Provides instructions for configuring GitLeaks in a project's pre-commit hook (requires Husky + lint-staged).
  • Reporting: Generates reports summarizing findings by severity level (HIGH, MEDIUM) and category.
  • Historical Scan (Optional): Scans the commit history for vulnerabilities, not just the current working tree, when the --scan-history flag is passed.

Example prompts

  • "Run a security audit on this repository."
  • "Scan this codebase for hardcoded secrets."
  • "Check for OWASP Top 10 vulnerabilities in src/api/users.ts."
  • "What are the potential data protection issues in my project?"

Tips & gotchas

  • This skill assumes GitLeaks is already installed on the system; it does not install it for you.
  • The pre-commit workflow relies on Husky and lint-staged, so it is primarily applicable to JavaScript/TypeScript projects.
  • A historical scan of the commit history is not run by default; you must explicitly pass the --scan-history flag.

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  Gen Agent Trust Hub: Pass
  Socket: Pass
  Snyk: Pass

Details

  Version: vlatest
  License:
  Author: tartinerlabs
  Installs: 52

Passed automated security scans.