From utopia-funds-dd
Audits repository security — hardcoded secrets, dependency vulnerabilities, environment variable management, and authentication patterns. Use when the user asks to "check security", "find secrets", "audit dependencies", or "secure my repo". Don't use for code review, deployment, or monitoring.
Slash command
/utopia-funds-dd:security-auditor
Finds and fixes common security issues in repositories built by solo founders and small teams.
```bash
# Check for common secret patterns
grep -rn --include="*.ts" --include="*.tsx" --include="*.js" --include="*.jsx" --include="*.py" --include="*.env" \
  -E "(sk-[a-zA-Z0-9]{20,}|api_key\s*=\s*['\"][^'\"]+|password\s*=\s*['\"][^'\"]+|secret\s*=\s*['\"][^'\"]+|AWS_ACCESS_KEY|PRIVATE_KEY)" . \
  | grep -v node_modules | grep -v '.env.example' | head -30
```
If matches are found, flag them as critical and recommend moving the values to environment variables.
- `.env` should be in `.gitignore` (if not: critical)
- `.env.example` should exist listing all required variables
- `.env` files committed to git history
- `process.env.` or `os.environ` usage without defaults

For Node.js:
```bash
npm audit --production 2>/dev/null || echo "npm audit not available"
```
For Python:
```bash
pip-audit 2>/dev/null || echo "pip-audit not available"
```
Flag: critical and high severity vulnerabilities.
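The `.env` checks listed above come without commands, and the secret grep only sees the working tree, so the following added example (not part of the skill itself) runs the ignore, `.env.example` and git-history checks against one repository. The function name `audit_env` and the finding labels are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example: the .env checks as runnable commands. The function name
# audit_env and the finding labels are assumptions, not part of the skill.

audit_env() {
  local repo="${1:-.}" path

  git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || {
    echo "ERROR: not a git repository: $repo"
    return 2
  }

  # .env must be ignored. check-ignore evaluates every ignore source and
  # reports nothing for tracked files, so a committed .env fails this check
  # even when .gitignore lists it.
  git -C "$repo" check-ignore -q .env ||
    echo "CRITICAL: .env is not ignored by git"

  # .env.example should exist so the required variables are documented.
  [ -f "$repo/.env.example" ] ||
    echo "WARNING: .env.example is missing"

  # Every .env-style file ever added on any ref, including files deleted
  # later: their contents stay recoverable from history.
  git -C "$repo" log --all --diff-filter=A --name-only --format= \
      -- ':(glob)**/.env' ':(glob)**/.env.*' 2>/dev/null |
    grep -v -e '^$' -e '\.env\.example$' | sort -u |
    while IFS= read -r path; do
      echo "CRITICAL: $path was committed to git history"
    done
  return 0
}

# Usage: audit_env /path/to/repo
```

A history finding means the values in that file should be rotated; deleting the file in a later commit does not remove it from earlier ones.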
* in production? (flag as warning)

## 🔒 Security Audit
### Critical Issues
- {issue}: {location} — {fix}
### Warnings
- {issue}: {location} — {recommendation}
### Good Practices Found
- {practice already in place}
.env + .env.example pattern

npx claudepluginhub the-utopia-studio/skills --plugin utopia-funds-dd