fix

Fix or guide remediation for a specific security finding from the latest scan report

6 stars

Best use case

fix is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Fix or guide remediation for a specific security finding from the latest scan report

Teams using fix should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/fix/SKILL.md --create-dirs "https://raw.githubusercontent.com/Zate/cc-plugins/main/plugins/security/skills/fix/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/fix/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How fix Compares

| Feature / Agent         | fix           | Standard Approach |
|-------------------------|---------------|-------------------|
| Platform Support        | Not specified | Limited / Varies  |
| Context Awareness       | High          | Baseline          |
| Installation Complexity | Unknown       | N/A               |

Frequently Asked Questions

What does this skill do?

Fix or guide remediation for a specific security finding from the latest scan report

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Fix

Remediate one finding from `.security/triaged.json` or `.security/report.md`.

## Step 1: Load Finding

Read `.security/triaged.json`. If it does not exist, tell the user to run `/security:scan` first.

Resolve `$ARGUMENTS` as:

- exact finding ID, e.g. `finding-003`
- CWE plus file/line, e.g. `CWE-89 src/db.py:42`
- if omitted, ask the user to select from CRITICAL/HIGH `TRUE_POSITIVE` findings.

If the finding verdict is `FALSE_POSITIVE`, stop and suggest suppressing it with `/security:scan --suppress <id>`.

## Step 2: Load Remediation Skill

Route by CWE/category:

| CWE/category | Skill |
|--------------|-------|
| CWE-78, CWE-79, CWE-89, injection, XSS | `remediation-injection` |
| CWE-798, CWE-287, CWE-502, auth, authorization, deserialization | `remediation-auth` |
| CWE-327, CWE-330, TLS, crypto, randomness | `remediation-crypto` |
| CWE-22, CWE-489, headers, deployment, config | `remediation-config` |
| Other | `remediation-library` |

Use the selected remediation skill for the fix pattern.

## Step 3: Inspect Minimal Context

Read the affected file around the finding and only nearby helper code needed to make a safe edit. Do not broaden into unrelated security work.

## Step 4: Fix or Dry Run

If `--dry-run` is present, report the proposed change without editing.

Otherwise:

1. Apply the minimal secure change.
2. Preserve existing behavior.
3. Add or adjust focused tests only when the project already has a clear test pattern.
4. Run the narrowest relevant verification command available.

## Step 5: Update User

Report:

- Finding fixed.
- File changed.
- Verification run.
- Recommended follow-up: `/security:scan --diff`.
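The argument resolution of Step 1 and the CWE routing table of Step 2, written out as an added example (not the skill's own code, which is a prompt rather than a program). The shape of `.security/triaged.json` is an assumption: a `findings` list whose entries carry `id`, `cwe`, `category`, `file`, `line`, `severity` and `verdict`; the sample data below is constructed.

```python
import json
import re
from pathlib import Path

# Routing table from Step 2 of the skill; category labels are lower-case.
ROUTES = [
    ({"CWE-78", "CWE-79", "CWE-89", "injection", "xss"}, "remediation-injection"),
    ({"CWE-798", "CWE-287", "CWE-502", "auth", "authorization", "deserialization"}, "remediation-auth"),
    ({"CWE-327", "CWE-330", "tls", "crypto", "randomness"}, "remediation-crypto"),
    ({"CWE-22", "CWE-489", "headers", "deployment", "config"}, "remediation-config"),
]
CWE_LOC = re.compile(r"^(CWE-\d+)\s+(\S+):(\d+)$")  # e.g. "CWE-89 src/db.py:42"

# Constructed sample in the ASSUMED triaged.json shape (not output of a real scan).
SAMPLE = {"findings": [
    {"id": "finding-001", "cwe": "CWE-89", "category": "injection", "file": "src/db.py", "line": 42, "severity": "CRITICAL", "verdict": "TRUE_POSITIVE"},
    {"id": "finding-002", "cwe": "CWE-327", "category": "crypto", "file": "src/hash.py", "line": 7, "severity": "HIGH", "verdict": "FALSE_POSITIVE"},
    {"id": "finding-003", "cwe": "CWE-400", "category": "dos", "file": "src/api.py", "line": 120, "severity": "MEDIUM", "verdict": "TRUE_POSITIVE"},
]}

def load_findings(path=".security/triaged.json"):
    """Step 1: read the triage file, or tell the user to scan first."""
    p = Path(path)
    if not p.exists():
        raise FileNotFoundError(f"{path} missing: run /security:scan first")
    return json.loads(p.read_text())["findings"]

def resolve(findings, argument):
    """Step 1: map $ARGUMENTS to exactly one finding, or list candidates when omitted."""
    arg = (argument or "").strip()
    if not arg:  # no argument: CRITICAL/HIGH TRUE_POSITIVE findings for the user to pick from
        return [f for f in findings if f["severity"] in ("CRITICAL", "HIGH") and f["verdict"] == "TRUE_POSITIVE"]
    m = CWE_LOC.match(arg)
    if m:  # "CWE-NNN file:line" form
        hits = [f for f in findings
                if (f["cwe"], f["file"], f["line"]) == (m.group(1), m.group(2), int(m.group(3)))]
    else:  # exact finding ID form
        hits = [f for f in findings if f["id"] == arg]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} findings match {arg!r}; expected exactly one")
    return hits[0]

def route(finding):
    """Step 2: pick the remediation skill, or None when the finding should be suppressed."""
    if finding["verdict"] == "FALSE_POSITIVE":
        return None  # caller should suggest: /security:scan --suppress <id>
    keys = {finding["cwe"], finding.get("category", "").lower()}
    for labels, skill in ROUTES:
        if keys & labels:
            return skill
    return "remediation-library"  # the "Other" row of the table
```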

Related Skills


  • vulnerability-patterns (from Zate/cc-plugins): Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.
  • vuln-patterns-languages (from Zate/cc-plugins): Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patterns and grep commands for common security vulnerabilities.
  • vuln-patterns-core (from Zate/cc-plugins): Universal vulnerability detection patterns applicable across all programming languages. Includes hardcoded secrets, SQL/command injection, path traversal, and configuration file patterns.
  • scan (from Zate/cc-plugins): Run a security assessment using deterministic static analysis tools with LLM-powered triage.
  • results (from Zate/cc-plugins): View the most recent security scan results without re-running the scan.
  • remediation-library (from Zate/cc-plugins): Index of security remediation skills. Routes to specialized skills for injection, cryptography, authentication, and configuration vulnerabilities.
  • remediation-injection (from Zate/cc-plugins): Security fix patterns for injection vulnerabilities (SQL, Command, XSS). Provides language-specific code examples showing vulnerable and secure implementations.
  • remediation-crypto (from Zate/cc-plugins): Security fix patterns for cryptographic vulnerabilities (weak algorithms, insecure randomness, TLS issues). Provides language-specific secure implementations.
  • remediation-config (from Zate/cc-plugins): Security fix patterns for configuration and deployment vulnerabilities (path traversal, debug mode, security headers). Provides language-specific secure implementations.
  • remediation-auth (from Zate/cc-plugins): Security fix patterns for authentication and authorization vulnerabilities (credentials, JWT, deserialization, access control). Provides language-specific secure implementations.
  • baseline (from Zate/cc-plugins): Create or update the project security baseline, profile, suppressions file, and gitignore entries for security scans.