Detects code risks and security issues during review, risk scanning, or code evaluation. Writes findings to risks.md with impact level and file:line references.
From vibe
npx claudepluginhub dukesmith0/vibe-framework
This skill uses the workspace's default tool permissions.
Scan using Grep with these patterns. Tag each finding with impact level and file:line.
Language-agnostic (all projects):
- (api_key|password|secret|token|private_key)\s*=\s*["'][^"']+["']
- .env files committed to git (check .gitignore)

JavaScript/TypeScript:
- eval(), new Function()
- innerHTML, dangerouslySetInnerHTML
- req.params, req.query, req.body
- console.log in production code (not in debug/ or test files)

Python:
- exec(), eval()
- cursor.execute with string formatting (SQL injection)
- except: (swallows all errors)
- print() in production code (not in debug/ or test files)

Write findings to risks.md using sequential IDs (#R1, #R2...). One line per risk, max two lines.
Format: #RN [IMPACT] Description. file:line (found DATE)
Compare against existing risks.md baseline. Report delta: added (list), resolved (list), net change per impact level.
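The scan, the risks.md line format and the baseline delta described above, as an added Python sketch that is not the skill's own code. The secret regex is the one listed above; the other two regexes, the HIGH/MEDIUM impact labels, the function names and the sample files are assumptions made for the example.

```python
import re
from collections import Counter

# The secret regex is the one listed on the page; the other two regexes and the
# HIGH/MEDIUM impact labels are assumptions made for this example.
PATTERNS = [
    ("HIGH", "Hardcoded credential", re.compile(
        r"""(api_key|password|secret|token|private_key)\s*=\s*["'][^"']+["']""")),
    ("HIGH", "Dynamic code execution", re.compile(r"\b(eval|exec)\s*\(")),
    ("MEDIUM", "Bare except swallows all errors", re.compile(r"^\s*except\s*:")),
]
# One risks.md line: #RN [IMPACT] Description. file:line (found DATE)
LINE_RE = re.compile(r"^#R(\d+) \[(\w+)\] (.+)\. (\S+:\d+) \(found ([\d-]+)\)$")

# Constructed sample input, not taken from any real project.
SAMPLE_FILES = {"app/config.py": 'DEBUG = True\npassword = "hunter2"\n',
                "app/run.py": "try:\n    eval(cmd)\nexcept:\n    pass\n"}
SAMPLE_BASELINE = "#R1 [HIGH] Hardcoded credential. app/old.py:7 (found 2024-01-01)\n"

def scan(files):
    """files maps path -> text; returns [(impact, description, 'file:line')]."""
    hits = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for impact, desc, rx in PATTERNS:
                if rx.search(line):
                    hits.append((impact, desc, f"{path}:{lineno}"))
    return hits

def parse_baseline(risks_md):
    """Parse an existing risks.md into {(impact, description, loc): id}."""
    known = {}
    for line in risks_md.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            known[(m[2], m[3], m[4])] = int(m[1])
    return known

def delta(risks_md, hits, today):
    """Return (lines to append, resolved ids, net change per impact level)."""
    known = parse_baseline(risks_md)
    new = [h for h in hits if h not in known]
    gone = [k for k in known if k not in set(hits)]
    start = max(known.values(), default=0) + 1  # keep IDs sequential
    added = [f"#R{start + i} [{imp}] {desc}. {loc} (found {today})"
             for i, (imp, desc, loc) in enumerate(new)]
    net = Counter(h[0] for h in new)
    net.subtract(Counter(k[0] for k in gone))
    return added, [f"#R{known[k]}" for k in gone], dict(net)
```

Because findings are keyed on file:line, a risk whose line number shifts after an unrelated edit is reported as one resolved entry plus one added entry.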