ClaudeWave
Skill · 355 repo stars · updated today

vibe-security

Vibe Security is a code analysis tool that scans code written in multiple programming languages and frameworks for common vulnerability classes, including SQL injection, cross-site scripting, authentication bypass, and cryptographic weaknesses. Use it to audit code for security flaws, validate input handling, review authentication mechanisms, and identify sensitive-data exposure risks across JavaScript, Python, Java, PHP, Go, and Ruby, and related frameworks such as Django, Express, and Rails.

Install in Claude Code
Copy
git clone --depth 1 https://github.com/aiskillstore/marketplace /tmp/vibe-security && cp -r /tmp/vibe-security/skills/0x8506/vibe-security ~/.claude/skills/vibe-security
Then start a new Claude Code session; the skill loads automatically.

SKILL.md

# Vibe Security - Security Intelligence

Comprehensive security scanner and code analyzer for identifying vulnerabilities across multiple languages and frameworks.

## Prerequisites

Check if Node.js is installed:

```bash
node --version
```

If Node.js is not installed, install it for the user's OS:

**macOS:**

```bash
brew install node
```

**Ubuntu/Debian:**

```bash
sudo apt update && sudo apt install nodejs npm
```

**Windows:**

```powershell
winget install OpenJS.NodeJS
```

---

## Recommended AI Models

### For Best Security Analysis

We recommend using these AI models with Vibe Security for optimal security vulnerability detection and code fixing:

#### **Claude Opus 4.5** (Recommended)

- Most advanced model for comprehensive security analysis
- Superior reasoning capabilities for complex vulnerability detection
- Exceptional at identifying subtle security flaws and attack vectors
- Best for critical security audits, enterprise codebases, and production deployments
- Provides the most thorough security remediation strategies

#### **Claude Sonnet 4.5**

- Excellent balance of speed and security analysis depth
- Great at understanding security context and identifying vulnerabilities
- Provides safe remediation strategies with detailed explanations
- Ideal for daily development and most security workflows

#### **Claude Opus 4**

- Powerful for complex security audits and enterprise codebases
- Deep reasoning capabilities for advanced vulnerability analysis
- Best for critical security reviews and compliance requirements
- Recommended for production deployments and sensitive applications

#### **GPT-4o**

- Fast and efficient for security-aware code generation
- Good alternative with quick response times
- Excellent for CI/CD integration and automated scanning
- Cost-effective for large-scale projects

#### **Claude Sonnet 4**

- Faster alternative for quick security scans
- Good balance of speed and accuracy
- Suitable for rapid iteration during development

#### **o1-preview**

- Specialized for complex security architecture reviews
- Advanced reasoning for intricate vulnerability chains
- Best for security research and deep code audits

#### **GPT-4o-mini**

- Quick checks and preliminary scans
- Most cost-effective option
- Good for learning and educational use cases

> **Note**: If you're not using one of the recommended models above, consider upgrading for better security analysis results. Lower-tier models may miss subtle vulnerabilities or provide less accurate fix suggestions.

---

## How to Use This Skill

When user requests security work (scan, analyze, fix, audit, check, review vulnerabilities), follow this workflow:

### Step 1: Analyze Security Context

Extract key information from user request:

- **Language**: JavaScript, Python, Java, PHP, etc.
- **Framework**: Express, Django, Spring, Laravel, etc.
- **Vulnerability type**: SQL injection, XSS, CSRF, authentication, etc.
- **Scope**: Single file, directory, or full project

### Step 2: Run Security Analysis

**Advanced Analysis (Recommended):**

```bash
# Paths below assume the skill lives in the project's .claude/skills; if it was
# installed under ~/.claude/skills as shown above, adjust them accordingly.

# AST-based semantic analysis (the project reports ~90% fewer false positives than text matching)
python3 .claude/skills/vibe-security/scripts/ast_analyzer.py "<file>"

# Data flow analysis (tracks tainted data from sources to sinks)
python3 .claude/skills/vibe-security/scripts/dataflow_analyzer.py "<file>"

# CVE & dependency vulnerability scanning
python3 .claude/skills/vibe-security/scripts/cve_integration.py .

# Supply chain security (malicious packages, typosquatting)
python3 .claude/skills/vibe-security/scripts/cve_integration.py . --ecosystem npm

# Infrastructure as Code security: plain string matches, so they also hit
# commented-out lines and miss values set through variables; confirm each hit by hand
grep -rn "publicly_accessible.*=.*true" . --include="*.tf"
grep -rn "privileged:.*true" . --include="*.yaml" --include="*.yml"
```

**Quick Pattern Scanning:**

```bash
# Use search utility for specific patterns
python3 .claude/skills/vibe-security/scripts/search.py "sql-injection" --domain pattern
python3 .claude/skills/vibe-security/scripts/search.py "javascript" --domain pattern --severity critical
```
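Why the AST pass produces fewer false positives than the quick pattern scan is easiest to see on a small case. The following is an added example, not one of the vibe-security scripts: a minimal AST-based check for SQL built from variables in Python code, beside the regex a quick pattern scan would use. The sink-method list (`SINK_METHODS`), the regex (`QUICK_PATTERN`), the functions `find_dynamic_sql` and `quick_pattern_hits`, and the sample source `SAMPLE` are all constructed for this illustration. The regex flags every execute()-style call; the syntax tree lets the checker look at how the query argument was built and report only inline string construction (concatenation, %-formatting, str.format(), f-strings). A query held in a plain variable is deliberately left to the data-flow analyzer.

```python
"""Added example: AST-based detection of string-built SQL vs. a regex scan.
Not part of vibe-security; names, sink list and sample source are constructed."""
import ast
import re
from typing import Optional

# Hypothetical sink list; a real analyzer keys this on the DB API in use.
SINK_METHODS = {"execute", "executemany", "executescript", "raw", "query"}

# Baseline "quick pattern scan": every call to a sink method is a hit.
QUICK_PATTERN = re.compile(r"\.(execute|executemany|executescript|raw|query)\s*\(")


def _dynamic_query(node: ast.AST) -> Optional[str]:
    """Return how a query expression pulls in non-literal data, or None if literal."""
    if isinstance(node, ast.JoinedStr):                                  # f"... {user_id}"
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string"
        return None
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):     # "..." + user_id
        if _dynamic_operand(node.left) or _dynamic_operand(node.right):
            return "concatenation"
        return None
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):     # "... %s" % user_id
        return "%-format"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):                             # "... {}".format(user_id)
        return "str.format"
    return None   # Constant, or a bare Name: left to data-flow analysis


def _dynamic_operand(node: ast.AST) -> bool:
    """An operand of '+' is literal only if it is a constant or a literal sub-expression."""
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.JoinedStr) or (isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add)):
        return _dynamic_query(node) is not None
    return True   # Name, Attribute, Call, Subscript, %-format ...: variable data


def find_dynamic_sql(source: str) -> list:
    """AST pass: sink calls whose first argument is assembled inline from variables."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SINK_METHODS or not node.args:
            continue
        how = _dynamic_query(node.args[0])
        if how is not None:
            findings.append({"line": node.lineno, "sink": node.func.attr, "how": how,
                             "code": ast.get_source_segment(source, node)})
    return sorted(findings, key=lambda f: f["line"])


def quick_pattern_hits(source: str) -> list:
    """Regex pass: line numbers of every sink call, parameterised or not."""
    return [n for n, line in enumerate(source.splitlines(), 1) if QUICK_PATTERN.search(line)]


# Constructed sample: three injectable calls (lines 5-7), two safe ones (lines 8-9).
SAMPLE = '''\
import sqlite3

def lookup(conn, user_id, name, role):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE id = " + user_id)
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
    cur.execute("SELECT * FROM users WHERE role = '%s'" % role)
    cur.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    cur.execute("SELECT * FROM users WHERE role = 'admin'")
    return cur.fetchall()
'''

if __name__ == "__main__":
    for f in find_dynamic_sql(SAMPLE):
        print(f"line {f['line']}: {f['sink']}() built by {f['how']}: {f['code']}")
    print("regex would have flagged lines:", quick_pattern_hits(SAMPLE))
```

On the sample the AST pass reports lines 5, 6 and 7 only, while the regex also flags the parameterised and literal queries on lines 8 and 9: two of five regex hits are noise before any review starts. The gap is exactly what the `ast_analyzer.py` and `dataflow_analyzer.py` steps above are for.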

### Step 3: Analyze Vulnerabilities by Severity

**Critical** (Fix immediately):

- SQL Injection
- Remote Code Execution
- Authentication Bypass
- Hardcoded Secrets

**High** (Fix soon):

- XSS (Cross-Site Scripting)
- CSRF
- Insecure Cryptography
- Authorization Issues

**Medium** (Fix in sprint):

- Missing Input Validation
- Information Disclosure
- Weak Password Policy
- Missing Security Headers

**Low** (Technical debt):

- Code Quality Issues
- Best Practice Violations
- Performance Concerns

### Step 4: Get Fix Suggestions

**ML-Based Fix Engine:**

```bash
# Get intelligent fix recommendations with test generation
python3 .claude/skills/vibe-security/scripts/fix_engine.py \
  --type sql-injection \
  --language javascript \
  --code "db.query(\`SELECT * FROM users WHERE id = \${userId}\`)"

# Output includes:
# - Fixed code with context-aware corrections
# - Detailed explanation of the fix
# - Auto-generated security test
# - Additional recommendations
# - Confidence score (0-100%)
```

### Step 5: Apply Security Fixes

**Auto-Fix with Rollback Support:**

```bash
# Apply fix with automatic backup
python3 .claude/skills/vibe-security/scripts/autofix_engine.py apply \
  --file src/database.js \
  --line 45 \
  --type sql-injection \
  --original "db.query(\`SELECT * FROM users WHERE id = \${userId}\`)" \
  --fixed "db.query('SELECT * FROM users WHERE id = \$1', [userId])"
# (\$1 is escaped: unescaped inside double quotes, the shell would expand $1 to
# its own first positional parameter and write a broken placeholder into the file)

# Test your changes
npm test

# Rollback if needed (safe to experiment!)
python3 .claude/skills/vibe-security/scripts/autofix_engine.py rollback

# View fix history
python3 .claude/skills/vibe-security/scripts/autofix_engine.py history
```
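To see what the fix in Steps 4 and 5 actually changes, and what the generated security test should check, here is an added example that is not the fix engine's output: the vulnerable query and its parameterised replacement, exercised against a throw-away in-memory SQLite database. The table contents, the payload and the function names (`make_db`, `get_user_vulnerable`, `get_user_fixed`, `injection_regression_test`) are constructed for this example; sqlite3 uses `?` placeholders where the page's JavaScript example uses Postgres-style `$1`.

```python
"""Added example: the Step 4 SQL injection and its parameterised fix, with the
regression test that should fail before and pass after.  Fixture data, payload
and names are constructed; this is not vibe-security code."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # Same shape as db.query(`SELECT * FROM users WHERE id = ${userId}`):
    # the caller's string is spliced into the SQL grammar.
    sql = f"SELECT id, name, role FROM users WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def get_user_fixed(conn: sqlite3.Connection, user_id: str) -> list:
    # Same shape as db.query('SELECT * FROM users WHERE id = $1', [userId]):
    # the query text is constant; the driver binds user_id as a value, so it is
    # only ever compared with id and never parsed as SQL.
    return conn.execute("SELECT id, name, role FROM users WHERE id = ?", (user_id,)).fetchall()


# Classic tautology payload; spliced into the vulnerable query it reads every row.
PAYLOAD = "1 OR 1=1"


def injection_regression_test(lookup) -> bool:
    """Pass iff a legitimate id still resolves and the payload returns nothing."""
    conn = make_db()
    legitimate = lookup(conn, "2")
    attacked = lookup(conn, PAYLOAD)
    return legitimate == [(2, "bob", "user")] and attacked == []


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable + payload ->", get_user_vulnerable(conn, PAYLOAD))  # all three rows
    print("fixed + payload      ->", get_user_fixed(conn, PAYLOAD))       # []
    print("test(vulnerable):", injection_regression_test(get_user_vulnerable))  # False
    print("test(fixed):     ", injection_regression_test(get_user_fixed))       # True
```

The vulnerable lookup returns all three rows for the payload, including the admin; the fixed one returns none, because `1 OR 1=1` is now just a value that matches no id. Two caveats a reviewer would add before closing the finding: the manual step "Add input validation" still applies (here, `int(user_id)` before the query rejects the payload outright), and placeholders only cover values. Table names, column names and ORDER BY targets cannot be bound, so code that takes those from the request needs an allowlist instead.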

**Systematic Manual Fixes:**

1. **Critical vulnerabilities first**
2. **Add input validation** - Whitelist, type checking, length limits
3. **Secure outputs** - Escape, encode, sanitize
4. **Fix authentication/authorization** - Strong passwords, MFA, RBAC
5. **Update cryptography** - Modern algorithms, secure random
6.