security-audit

Systematic security review for application code, dependencies, and configuration.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-audit" with this command: npx skills add maxmiksa/auto-company/maxmiksa-auto-company-security-audit

Security Audit

Systematic security review for application code, dependencies, and configuration.

Not a replacement for professional penetration testing. Identifies common vulnerabilities within scope of code review.

Audit Types

Type Focus When to Use

Code Review OWASP Top 10, injection, auth New features, PRs, suspicious code

Dependency CVEs, outdated packages Before deploy, periodic, CI/CD

Configuration Secrets, permissions, hardening Infrastructure changes, new envs

Architecture Attack surface, data flow Design phase, major refactors

API Security Auth, authz, rate limiting New endpoints, public APIs

When NOT to Use

  • Designing new auth flows — Use api-design for designing OAuth2/JWT endpoints from scratch

  • Performance issues — Use performance-optimization even if caused by auth overhead

  • CI/CD pipeline security — Use ci-cd for pipeline hardening (secret management, permissions)

Key Principles

  • Scope first — Define audit area, depth, and constraints before scanning

  • Classify severity — Critical (24-48h), High (1 week), Medium (2-4 weeks), Low (backlog)

  • Remediate or track — Fix critical issues immediately, create ohno tasks for the rest

  • No secrets in code — Scan for hardcoded credentials, API keys, connection strings

Quick Start Checklist

  • Define audit scope and type (code, dependency, config, architecture, API)

  • Run automated scans (npm audit, grep patterns, secret detection)

  • Review findings and classify severity using decision tree in references

  • Remediate critical/high findings immediately

  • Create ohno tasks for medium/low findings with appropriate priority

  • Document findings in audit report

References

Reference Description

owasp-top-10.md OWASP vulnerabilities with detection and fixes

dependency-security.md npm audit, pip-audit, Snyk, CI/CD integration

auth-patterns.md Secure authentication and authorization patterns

api-security.md API-specific security concerns

secrets-management.md Handling sensitive configuration

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Codex Review

Three-tier code quality defense: L1 quick scan, L2 deep audit (via bug-audit), L3 cross-validation with adversarial testing. 三级代码质量防线。

Registry SourceRecently Updated
1650Profile unavailable
Security

Bug Audit

Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review o...

Registry SourceRecently Updated
2520Profile unavailable
Security

security-audit

No summary provided by upstream source.

Repository SourceNeeds Review
211-sickn33
Security

security-audit

No summary provided by upstream source.

Repository SourceNeeds Review
63-netresearch