Security scan for injection and crypto risks
java-security-check (skill, setup, L1, ★0)
limited-grisaille833/claude-java-plugins
What it does
Scan for OWASP security vulnerabilities
Best for
Finding hardcoded secrets, SQL/command injection, weak crypto, insecure deserialization, and Spring Security misconfigs in Java code.
Inputs
- Java file or class (optional scope)
Outputs
- Severity-grouped findings (CRITICAL/HIGH/MEDIUM/LOW)
- Vulnerability category + location
- Fix code examples
Requires
- mvn dependency-check:check (optional)
- mvn spotbugs:check with find-sec-bugs (optional)
Preconditions
Java code accessible; optional: Maven/Gradle for automated checks
Failure modes
- Requires source code access (not compiled bytecode)
- False positives on safe reflection/serialization patterns