This is a shift-left security workflow that runs SAST, SCA, and secrets detection on your PR diffs before merge. It scans only the changed code (not the entire repo), delegates heavy lifting to specialized ASPM and security reviewer agents, and returns actionable fixes as exact code diffs rather than generic advice. The whole thing is designed to stay under 2 minutes so it doesn't kill your CI pipeline. It's opinionated about blocking P0s like hardcoded secrets and SQL injection, but surfaces lower severity stuff as warnings. If you're tired of security findings showing up in prod because nobody ran Semgrep until Thursday, this automates the boring parts and actually tells you what to fix.
Install with:

    npx -y skills add hoangnguyen0403/agent-skills-standard --skill security-test --agent claude-code

This installs into .claude/skills of the current project.