NovaCode37
Production-ready Claude Code skills for cybersecurity — secret scanning, SAST, prompt-injection testing, HTTP/JWT/dependency auditing. Zero dependencies.
Indexed Skills (6)
jwt-inspector
Decode and security-audit a JSON Web Token — flag alg=none, missing/excessive expiry, symmetric-alg confusion risk, missing claims — and attempt an offline HMAC secret crack against a wordlist to detect weak signing keys. Use when the user asks to "decode this JWT", "is this token secure?", "audit a JWT", or "check if this token uses a weak secret".
prompt-injection-tester
Red-team an LLM application against prompt injection and jailbreaks using a curated, categorized payload library and canary-based detection, then produce a resilience score. Use when the user asks to "test my chatbot for prompt injection", "check if my AI app is jailbreakable", "red-team my LLM", "evaluate prompt-injection defenses", or audit a system prompt's guardrails.
sast-lite
Static security analysis for Python source via AST walking — finds command injection, insecure deserialization, eval/exec, weak crypto, SQL injection, disabled TLS verification, hardcoded secrets and more, each tagged with a CWE. Use when the user asks to "audit this code for vulnerabilities", "run a SAST scan", "security review this Python file", or before merging untrusted code.
secret-scanner
Scan a codebase for hardcoded secrets — API keys, tokens, private keys and passwords — using a custom regex + Shannon-entropy engine. Use when the user asks to "find secrets", "check for leaked credentials", "scan for API keys", do a pre-commit secret check, or audit a repo before making it public.
dependency-check
Audit project dependencies for known-vulnerable versions and risky pinning. Parses requirements.txt and package.json, matches a bundled offline advisory DB, optionally queries OSV.dev live, and warns about unpinned versions. Use when the user asks to "check dependencies for vulnerabilities", "audit my requirements.txt / package.json", "scan for vulnerable packages", or "is my dependency tree secure".
http-sec-audit
Audit a website's HTTP security headers and cookie flags — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP, version-leaking banners, and Secure/HttpOnly/SameSite cookies. Use when the user asks to "check my site's security headers", "audit HTTP headers", "is my CSP/HSTS configured right", or "scan a URL for header misconfigs".