← Back to plugins

security-sweep

Skill by Onome-AJ · 6 stars

Comprehensive security scanner for codebases. Scans for hardcoded secrets (30+ API key formats), injection flaws (SQLi, XSS, command injection, SSRF), authentication issues (JWT misuse, weak password hashing)misconfigurations (CORS, debug mode, insecure TLS, Docker/K8s), dependency risks, AI-specific vulnerabilities (prompt injection, API key exposure, excessive agent permissions), mobile security issues (Android/iOS), and data exposure (PII in logs, weak crypto). Covers OWASP Top 10 (2025), Mobile Top 10 (2024), and LLM Top 10 (2025). Supports Python, JavaScript/TypeScript, Java/Kotlin, Go, Ruby, PHP, C#, Swift, and Dart with framework-aware checks that reduce false positives.

/plugin install security-sweep@claude-community