From dryrun-remediation
Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.
Install:
npx claudepluginhub joshuarweaver/cascade-ai-ml-agents-misc-1 --plugin dryrunsecurity-external-plugin-marketplace

Slash command: /dryrun-remediation:remediation
You are helping a developer fix a security vulnerability identified by DryRunSecurity in their pull request (GitHub) or merge request (GitLab). Your goal is to provide a fix that is:
Trust the finding. DryRunSecurity rigorously filters false positives before it posts a comment, so do not re-litigate whether the issue is real; see DRYRUN_FILTERING.md for details.
Follow these steps in order. Each step includes specific actions to take.
Step 1: Parse the finding
Action: Extract the vulnerability type, file path, line numbers, and description from the comment.
See FINDING_FORMAT.md for the full format reference.
If the user shares only part of the finding, ask for the full DryRunSecurity comment.
Step 2: Gather codebase context
Action: Use Glob and Grep to search and Read to examine. Do NOT propose a fix until this step is complete.
Gather context in these areas:
| Area | Search For |
|---|---|
| Config files | .env, package.json, requirements.txt, go.mod, Gemfile, pom.xml |
| Auth patterns | auth.py, authentication.rb, jwt.go, passport.js |
| Authz patterns | Permission models, RBAC, policy files |
| Decorators | @login_required, @requires_auth, requireAuth(), checkPermission() |
| Similar code | How does this codebase handle similar operations securely? |
Step 3: Research the fix
Action: Use WebFetch to look up official documentation. Do NOT rely on memorized examples.
Research sources:
Use the docs for the user's specific framework version: security APIs change between versions, and a safe call in one release may be absent or renamed in another.
Step 4: Apply the fix
Action: Use Edit to make the minimal change necessary.
Requirements:
Step 5: Explain and verify
Action: Explain the fix and suggest how to verify it.
Include:
Example walkthrough
Finding: "SQL Injection in app/handlers/search.go:45"
Before (vulnerable):
```go
// Untrusted input is spliced into the SQL text, so a value such as
// ' OR '1'='1 changes the structure of the query, not just its data.
db.Raw("SELECT * FROM users WHERE name = '" + input + "'")
```
After (fixed):
```go
// The placeholder keeps the query text constant; GORM passes input as a
// bound parameter, so the database only ever treats it as a value.
db.Where("name = ?", input).Find(&users)
```
Research URLs:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://gorm.io/docs/security.html

Commit message:
fix: <description>
Co-authored-by: DryRunSecurity <noreply@dryrunsecurity.com>
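The walkthrough above shows the before/after pair but not what the verification in Step 5 should actually demonstrate. The following is an added example, not code from the skill or from DryRunSecurity: it reproduces the same vulnerable-versus-parameterized pair in Python against an in-memory SQLite database (the binding mechanism is the same one GORM's `?` placeholder relies on), runs an injection payload through both, and wraps the comparison in a small regression check a developer could keep in their test suite. The `users` table, the sample rows, and the payload are all constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demonstration; not taken from any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Classic tautology payload: closes the quoted literal, then appends OR '1'='1.
INJECTION = "' OR '1'='1"


def make_db():
    """Build a fresh in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def search_vulnerable(conn, name):
    """Equivalent of db.Raw("... WHERE name = '" + input + "'"):
    the input is concatenated into the SQL text and parsed as SQL."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def search_fixed(conn, name):
    """Equivalent of db.Where("name = ?", input): the SQL text is constant
    and the value is bound by the driver, so it can never alter the query."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both variants with an honest lookup and with the payload."""
    conn = make_db()
    return {
        "honest_vulnerable": search_vulnerable(conn, "alice"),
        "honest_fixed": search_fixed(conn, "alice"),
        "injected_vulnerable": search_vulnerable(conn, INJECTION),
        "injected_fixed": search_fixed(conn, INJECTION),
    }


def is_injectable(search):
    """Regression check for Step 5: a lookup of the payload string must
    match nothing, because no user is literally named "' OR '1'='1".
    Returns True when the payload leaks rows, i.e. the search is still
    vulnerable."""
    conn = make_db()
    return len(search(conn, INJECTION)) > 0


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
    print("vulnerable variant injectable:", is_injectable(search_vulnerable))
    print("fixed variant injectable:     ", is_injectable(search_fixed))
```

The honest lookup returns the same single row from both variants, which is why a fix that only checks the happy path proves nothing; the payload is what separates them. `is_injectable` is the shape of test to add alongside the fix: it fails on the concatenated query and passes on the parameterized one, and it will fail again if someone later reintroduces string building.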