How do I install security?

Run `npx skills add https://github.com/parcadei/continuous-claude-v3 --skill security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security support?

security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security free to use?

Yes. security is free to install and use. It is available from the open explainx.ai skill registry published by parcadei.

Where can I read ratings and reviews for security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Productivity

security▌

parcadei/continuous-claude-v3 · updated Apr 8, 2026

$npx skills add https://github.com/parcadei/continuous-claude-v3 --skill security

0 commentsdiscussion

summary

Dedicated security analysis for sensitive code.

skill.md

/security - Security Audit Workflow

Dedicated security analysis for sensitive code.

When to Use

"Security audit"
"Check for vulnerabilities"
"Is this secure?"
"Review authentication code"
"Check for injection attacks"
Before handling auth, payments, user data
After adding security-sensitive features

Workflow Overview

┌─────────┐    ┌───────────┐
│  aegis  │───▶│ arbiter  │
│         │    │           │
└─────────┘    └───────────┘
  Security       Verify
  audit          fixes

Agent Sequence

#	Agent	Role	Output
1	aegis	Comprehensive security scan	Vulnerability report
2	arbiter	Verify fixes, run security tests	Verification report

Why Dedicated Security?

The /review workflow focuses on code quality. Security needs:

Specialized vulnerability patterns
Dependency scanning
Secret detection
OWASP Top 10 checks
Authentication/authorization review

Execution

Phase 1: Security Audit

Task(
  subagent_type="aegis",
  prompt="""
  Security audit: [SCOPE]

  Scan for:

  **Injection Attacks:**
  - SQL injection
  - Command injection
  - XSS (Cross-Site Scripting)
  - LDAP injection

  **Authentication/Authorization:**
  - Broken authentication
  - Session management issues
  - Privilege escalation
  - Insecure direct object references

  **Data Protection:**
  - Sensitive data exposure
  - Hardcoded secrets/credentials
  - Insecure cryptography
  - Missing encryption

  **Configuration:**
  - Security misconfigurations
  - Default credentials
  - Verbose error messages
  - Missing security headers

  **Dependencies:**
  - Known vulnerable packages
  - Outdated dependencies
  - Supply chain risks

  Output: Detailed report with:
  - Severity (CRITICAL/HIGH/MEDIUM/LOW)
  - Location (file:line)
  - Description
  - Remediation steps
  """
)

Phase 2: Verification (After Fixes)

Task(
  subagent_type="arbiter",
  prompt="""
  Verify security fixes: [SCOPE]

  Run:
  - Security-focused tests
  - Dependency audit (npm audit, pip audit)
  - Re-check reported vulnerabilities
  - Verify fixes don't introduce regressions

  Output: Verification report
  """
)

Security Scopes

Full Codebase

User: /security
→ Scan entire codebase

Specific Area

User: /security authentication
→ Focus on auth-related code

Single File

User: /security src/api/auth.py
→ Deep dive on one file

Dependencies Only

User: /security --deps
→ Only dependency vulnerabilities

Example

User: /security the payment processing code

Claude: Starting /security audit for payment code...

Phase 1: Security audit...
[Spawns aegis]

┌─────────────────────────────────────────────────────────────┐
│ Security Audit Report                                       │
├─────────────────────────────────────────────────────────────┤
│ Scope: src/services/payment/                                │
│ Files scanned: 12                                           │
│ Lines analyzed: 2,847                                       │
├─────────────────────────────────────────────────────────────┤
│ CRITICAL (1)                                                │
│ ──────────                                                  │
│ [C1] SQL Injection in payment.py:89                         │
│      query = f"SELECT * FROM orders WHERE id = {order_id}"  │
│      Fix: Use parameterized queries                         │
│                                                             │
│ HIGH (2)                                                    │
│ ────────                                                    │
│ [H1] Hardcoded API key in stripe_client.py:12               │
│      STRIPE_KEY = "sk_live_..."                             │
│      Fix: Move to environment variable                      │
│                                                             │
│ [H2] Missing input validation in refund.py:45               │
│      amount = request.json['amount']  # No validation       │
│      Fix: Validate amount is positive number                │
│                                                             │
│ MEDIUM (1)                                                  │
│ ──────────                                                  │
│ [M1] Verbose error messages in error_handler.py:23          │
│      return {"error": str(e)}  # Leaks internal details     │
│      Fix: Return generic message, log details internally    │
│                                                             │
│ LOW (0)                                                     │
│ ───────                                                     │
│ None                                                        │
├─────────────────────────────────────────────────────────────┤
│ Summary: 1 critical, 2 high, 1 medium, 0 low                │
│ Status: BLOCKING - Fix critical issues before release       │
└─────────────────────────────────────────────────────────────┘

Fix the critical and high issues, then run:
/security --verify

After Fixes

User: /security --verify

Claude: Phase 2: Verifying fixes...
[Spawns arbiter]

✅ C1: SQL injection fixed - using parameterized queries
✅ H1: API key moved to environment variable
✅ H2: Input validation added
✅ M1: Error messages sanitized

All security tests passing.
Security audit: PASSED

OWASP Top 10 Coverage

Risk	Checked
A01 Broken Access Control	✅
A02 Cryptographic Failures	✅
A03 Injection	✅
A04 Insecure Design	✅
A05 Security Misconfiguration	✅
A06 Vulnerable Components	✅
A07 Auth Failures	✅
A08 Data Integrity Failures	✅
A09 Logging Failures	✅
A10 SSRF	✅

Flags

--deps: Dependencies only
--verify: Re-run after fixes
--owasp: Explicit OWASP Top 10 report
--secrets: Focus on secret detection

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.8★★★★★44 reviews

★★★★★Hana Rahman· Dec 28, 2024
security has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Diya Ghosh· Dec 20, 2024
We added security from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Maya Gonzalez· Dec 4, 2024
security fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Aditi Gill· Nov 23, 2024
security has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Aditi Dixit· Nov 19, 2024
security fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Meera Kim· Nov 11, 2024
Solid pick for teams standardizing on skills: security is focused, and the summary matches what you get after install.
★★★★★Kaira Bansal· Oct 14, 2024
Solid pick for teams standardizing on skills: security is focused, and the summary matches what you get after install.
★★★★★Aditi Sethi· Oct 10, 2024
We added security from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Naina Malhotra· Oct 2, 2024
security has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Meera Perez· Sep 21, 2024
Keeps context tight: security is the kind of skill you can hand to a new teammate without a long onboarding doc.

showing 1-10 of 44

1 / 5