← Back to Skills

Security Review

🌐Community
by zackkorman · vlatest · Repository

Helps with security, code review as part of implementing security and authentication workflows.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add zackkorman-security-review npx -- -y @trustedskills/zackkorman-security-review
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "zackkorman-security-review": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/zackkorman-security-review"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill provides a structured process for conducting security reviews of codebases. It guides an AI agent through steps including identifying technologies, auditing dependencies for vulnerabilities, scanning for hardcoded secrets, analyzing code for dangerous patterns, and creating a summary report with remediation suggestions. The review also includes verifying the execution environment as part of standard validation.

When to use it

  • When integrating security and authentication workflows into a project.
  • During development cycles to proactively identify potential vulnerabilities.
  • As part of a code review process for new or existing projects.
  • To ensure sensitive files like .env and key files are properly ignored in the .gitignore.

Key capabilities

  • Dependency Auditing: Checks for known vulnerabilities using tools specific to languages such as npm audit (Node.js), pip list/pip-audit (Python), and govulncheck (Go).
  • Secret Scanning: Uses grep_search to find hardcoded secrets like API keys, private keys, and database credentials.
  • Code Analysis: Identifies potentially dangerous code patterns in Javascript/Typescript (e.g., eval()), Python (e.g., pickle.load()), and SQL (e.g., string concatenation).
  • Security Context Validation: Verifies the execution environment during the review process.
  • Reporting: Generates a summary of findings, including critical vulnerabilities and remediation steps.

Example prompts

  • "Perform a security review on this Javascript codebase."
  • "Scan this Python project for hardcoded API keys."
  • "Analyze this SQL code for potential injection risks."
  • “Run a full security review following the standard environment validation process.”

Tips & gotchas

  • The skill relies on language-specific tools like npm audit and pip-audit, which must be available in the execution environment.
  • This is a code review tool, not an automated vulnerability patching system; remediation steps are suggested but require manual implementation.
  • The "Security Context Validation" step is crucial for ensuring the review's accuracy and reliability.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
zackkorman
Installs
139
Repository (canonical source) →

🌐 Community

Passed automated security scans.