Claude Skill

utkusen/sast-skills

SAST Skills is a collection of agent skills that turn your AI coder into a SAST scanner for static application security testing within Claude Code.

Overview

Stars: 678
Forks: 31
Language: Unknown
Last pushed: 2026-04-08
Last synced: 2026-07-02

Repository

Owner: utkusen
Repository: sast-skills
Full name: utkusen/sast-skills
Repo ID: 1,196,248,606

Install this Skill

git clone https://github.com/utkusen/sast-skills.git

Registry

Type: codex_skill
Quality score: 70/100
Verification: readme_parsed
Last verified: 2026-06-07
Platforms: Claude, Codex, Cursor
Capabilities: workflow, ai-security, claude, claude-code, sast
Detected files: README.md

Summary

A collection of agent skills that transform your AI coder into a SAST scanner, enabling static application security testing directly within Claude Code.

Chinese description

A collection of agent skills that turn your AI coder into a SAST scanner.

Key features

  • Turns Claude Code into a SAST scanner
  • Collection of reusable agent skills
  • Focuses on AI security and code analysis
  • Open-source and community-driven
  • Lightweight integration with existing workflows

Use cases

  • Static analysis of codebases during development
  • Automated security scanning in CI/CD pipelines
  • Enhancing AI coding assistants with security awareness
  • Teaching secure coding practices via agent feedback
  • Rapid vulnerability detection in open-source projects

README excerpt

# LLM SAST Skills

A collection of agent skills that turn your LLM coding assistant into a fully functional SAST scanner to find vulnerabilities in your codebase. Works natively with Claude Code, Codex, Opencode, Cursor and any other assistant that supports agent skills. No third-party tools required.

Claude Code with the Opus model is recommended, but if cost is a concern, use any IDE and model you trust.

![Process in Claude Code](demo.gif)

## How It Works

`CLAUDE.md` (for Claude Code) or `AGENTS.md` (for Opencode and other IDEs) orchestrates the entire assessment workflow automatically. The assessment runs in three steps:

1. **Codebase Analysis** -- The `sast-analysis` skill maps the technology stack, architecture, entry points, data flows, and trust boundaries. It writes its findings to `sast/architecture.md`.
2. **Vulnerability Detection (parallel)** -- All 13 vulnerability detection skills run in parallel as subagents. Each skill follows a two-phase approach: first a recon/discovery phase to find candidate sections, then a verification phase to confirm exploitability. Results are written to `sast/*-results.md`.
3. **Report Generation** -- The `sast-report` skill consolidates all findings into a single `sast/final-report.md`, ranked by severity with full remediation guidance and dynamic test instructions.

## What It Detects

| Skill | Vulnerability Class |
|---|---|
| sast-analysis | Codebase reconnaissance, architecture mapping, threat modeling |
| sast-sqli | SQL Injection |
| sast-graphql | GraphQL injection |
| sast-xss | Cross-Site Scripting (XSS) |
| sast-rce | Remote Code Execution (command injection, eval, unsafe deserialization) |
| sast-ssrf | Server-Side Request Forgery |
| sast-idor | Insecure Direct Object Reference |
| sast-xxe | XML External E

Data from GitHub. Synced on 2026-07-02