From fabrik
Performs security reviews by starting from a random file, tracing one deep path through imports and data flows, and reporting the single most significant issue or none found.
Slash command: /fabrik:security-review
Pick a random starting point by running the bundled script:
bash scripts/random-file.sh
The scripts/ directory is part of this skill, not the project repository.
The random entry point is intentional: it forces exploration of parts of the codebase that might otherwise be overlooked. The idea is to run this skill multiple times over the life of a project, each time pulling one thread from a different starting point.
Read the file the script returned. From there, follow one promising path -- a single thread of connections (imports, callers, callees, data flow) that looks like it could harbor a security issue. Go deep on that one path rather than trying to survey everything.
Report exactly one finding -- the single most significant security issue you discovered along the path. Not two, not a list, just one. If nothing concerning was found, say so -- that's a valid outcome. Resist the temptation to pad the report with minor observations or informational notes.
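The page does not show the contents of the bundled scripts/random-file.sh, so the following is an added, hypothetical stand-in written for this page, not the fabrik project's own script. It assumes only POSIX sh, awk, find and (optionally) git, and picks one regular file uniformly at random, preferring git-tracked files so that ignored build output and vendored dependencies are not chosen as entry points. RANDOM_FILE_SEED is an invented variable that makes a review session reproducible.

```shell
# Added example: a stand-in for the kind of entry-point picker the skill's
# bundled scripts/random-file.sh might be. The real script is not shown on
# this page, so everything below is an assumption.
#
# pick_random_file [DIR]
#   Print the path of one regular file under DIR (default: current directory),
#   chosen uniformly at random. Git-tracked files are preferred when DIR is a
#   git work tree, so ignored artifacts are skipped; otherwise the tree is
#   walked with a few noisy directories excluded.
pick_random_file() {
  dir="${1:-.}"
  list=""
  # Prefer the tracked file list: it naturally excludes ignored artifacts.
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    list=$(git -C "$dir" ls-files 2>/dev/null | sed "s|^|$dir/|")
  fi
  # Fall back to a filesystem walk (untracked checkout, or not a repo at all).
  if [ -z "$list" ]; then
    list=$(find "$dir" -type f \
             ! -path '*/.git/*' ! -path '*/node_modules/*' ! -path '*/vendor/*')
  fi
  count=$(printf '%s\n' "$list" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$count" -eq 0 ]; then
    echo "pick_random_file: no files found under $dir" >&2
    return 1
  fi
  # Seed from the clock and PID unless RANDOM_FILE_SEED (invented here) is
  # set, which lets a reviewer reproduce the same starting point later.
  seed="${RANDOM_FILE_SEED:-$(date +%s)$$}"
  printf '%s\n' "$list" | awk -v seed="$seed" '
    BEGIN { srand(seed) }
    NF    { a[++n] = $0 }
    END   { if (n > 0) print a[int(rand() * n) + 1] }'
}
```

Usage is `pick_random_file path/to/repo`; record the seed alongside the finding so the same thread can be re-pulled when the issue is re-checked after a fix.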
Install: npx claudepluginhub maragudk/fabrik --plugin fabrik