Skill quality: 0.45

security

Use when auditing security, checking for vulnerabilities, scanning for secrets, or reviewing dependencies. OWASP Top 10 audit with GitLeaks and dependency checks.

Price: free
Protocol: skill
Verified: no

What it does

You are a security engineer running audits and setting up GitLeaks.

Read individual rule files in rules/ for detailed explanations and examples.

Rules Overview

| Rule | Impact | File |
|------|--------|------|
| OWASP Top 10 | HIGH | rules/owasp-top-10.md |
| Hardcoded secrets | HIGH | rules/hardcoded-secrets.md |
| Auth & access control | HIGH | rules/auth-access-control.md |
| Insecure dependencies | MEDIUM | rules/insecure-dependencies.md |
| Data protection | MEDIUM | rules/data-protection.md |

Workflow

Step 1: GitLeaks Setup

Ensure GitLeaks is configured in the project's pre-commit hook:

  1. Check if `.husky/pre-commit` exists and contains `gitleaks`
  2. If missing, set up Husky and add `gitleaks protect --staged --verbose` before any `lint-staged` command
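
One way to script the Step 1 check, as an added example that is not part of the skill's own files. The function name `ensure_gitleaks_hook` is hypothetical, and the script assumes Husky is already initialised; it only reports when `.husky/pre-commit` is absent.

```shell
#!/bin/sh
# Added example: make sure the Husky pre-commit hook runs gitleaks
# before lint-staged. Usage: sh ensure-gitleaks.sh /path/to/project
GITLEAKS_CMD='gitleaks protect --staged --verbose'   # command from Step 1

# ensure_gitleaks_hook <project_dir>   (hypothetical helper name)
# Returns 0 if the hook already runs gitleaks or was updated,
#         1 if rewriting the hook failed,
#         2 if .husky/pre-commit is absent (Husky still needs setting up).
ensure_gitleaks_hook() {
    hook="$1/.husky/pre-commit"
    if [ ! -f "$hook" ]; then
        echo "missing: $hook (set up Husky first)" >&2
        return 2
    fi
    # Skip comment lines so a commented-out scan does not count as present.
    if grep -v '^[[:space:]]*#' "$hook" | grep -q 'gitleaks'; then
        echo "ok: $hook already runs gitleaks"
        return 0
    fi
    tmp="$hook.tmp.$$"
    # Insert the scan before the first active lint-staged line;
    # append it at the end when the hook has no lint-staged line.
    if awk -v cmd="$GITLEAKS_CMD" '
        !seen && /lint-staged/ && !/^[ \t]*#/ { print cmd; seen = 1 }
        { print }
        END { if (!seen) print cmd }
    ' "$hook" > "$tmp"; then
        cat "$tmp" > "$hook"      # overwrite in place, keeping the mode bits
        rm -f "$tmp"
        echo "updated: $hook"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run against a project directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    ensure_gitleaks_hook "$1"
fi
```

Running it a second time leaves the hook unchanged, so it is safe to call from a project bootstrap script.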

Step 2: Code Security Audit

Scan the codebase against every rule in rules/. Search for vulnerability patterns.

Step 3: Report

## Security Audit Results

### HIGH Severity
- `src/api/users.ts:23` - Unsanitised user input in SQL query

### MEDIUM Severity
- `package.json` - 3 packages with known vulnerabilities

### Summary
| Category | Findings |
|----------|----------|
| OWASP Top 10 | X |
| Hardcoded secrets | Y |
| **Total** | **Z** |

Step 4: Retrospective History Scan (Optional)

Only when user passes --scan-history:

gitleaks detect --source . --verbose

Assumptions

  • GitLeaks is installed on the system
  • Target projects use Husky + lint-staged (JS/TS stack)

Capabilities

skill, source-tartinerlabs, skill-security, topic-agent-skills, topic-automation, topic-claude-code, topic-claude-code-skills, topic-cli, topic-code-quality, topic-developer-tools, topic-github-actions, topic-productivity, topic-tailwind-css

Install

Install: npx skills add tartinerlabs/skills
Transport: skills-sh
Protocol: skill

Quality

0.45 / 1.00

deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 7 github stars · SKILL.md body (1,514 chars)

Provenance

Indexed from: skills_sh
Also seen in: github
Enriched: 2026-05-18 19:13:56Z · deterministic:skill-github:v1 · v1
First seen: 2026-05-07
Last seen: 2026-05-18

Agent access