speckit-security-scan
CommunityComprehensive codebase security audit
Authora2mus
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Identifies common security weaknesses in a codebase and produces actionable remediation guidance so teams can remediate secrets, injection, authentication, and dependency risks before deployment.
Core Features & Use Cases
- Secrets & Credentials Discovery: Detects hardcoded keys, misused environment files, and leaked config values.
- Injection & Input Safety Checks: Flags non-parameterized SQL, unsafe shell usage, and dynamic evaluation patterns.
- XSS/CSRF and Auth Review: Reviews rendering of user input, CSRF protections for state-changing endpoints, and authentication/authorization coverage.
- Rate Limiting & Dependency Audits: Checks for absence of rate limits, payload constraints, and known vulnerable dependencies.
- Severity Classification & Remediation: Classifies findings as CRITICAL/HIGH/MEDIUM/LOW and recommends concrete fixes and testing steps.
- Use Case: Run as a pre-deploy or CI gate to catch secrets, injection points, and vulnerable libraries, and to generate a prioritized remediation plan.
Quick Start
Run the speckit-security-scan on this repository and produce a prioritized list of findings with specific remediation steps.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: speckit-security-scan Download link: https://github.com/a2mus/smart-da3m/archive/main.zip#speckit-security-scan Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.