General-purpose application security auditing across Python, TypeScript, Go, and Rust. TRIGGER when: user asks for a security audit, vulnerability assessment, threat modeling, code security review, OWASP analysis, variant analysis, or asks about injection, XSS, SSRF, path traversal, deserialization, or crypto misuse in application code. DO NOT TRIGGER when: working with .sol files, smart contracts, or Solidity audits (use solidity-audit); when reviewing code for general quality without security focus (use code-review); when auditing dependencies only (use dependency-auditor).
This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.
Install skill "security-audit" with this command: npx skills add DROOdotFOO/skillsmp-droodotfoo-droodotfoo-security-audit
This source entry does not include full markdown content beyond metadata.
This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
Related by shared tags or category signals.
Structured code review with blast radius analysis, security scanning, quality scoring, and a 30+ item checklist. TRIGGER when: user asks to review a PR, diff, changeset, or code for quality/security/breaking changes; user runs /review or /code-review; reviewing staged or committed changes. DO NOT TRIGGER when: writing new code from scratch, refactoring without review context, general debugging.
Property-based and generative testing across the polyglot stack. TRIGGER when: user asks about property-based testing, generative testing, QuickCheck, Hypothesis, proptest, StreamData, fast-check, fuzzing test inputs, or finding edge cases that example tests miss. DO NOT TRIGGER when: user asks about TDD workflow (use tdd), mutation testing (use tdd), load testing (use performance-profiler), or security fuzzing (use security-audit).
Solidity development standards and security auditing. TRIGGER when: working with .sol files, foundry.toml, hardhat.config.*, smart contract auditing, security review, or vulnerability analysis. Covers Foundry-first development patterns, vulnerability taxonomies, and audit methodology. DO NOT TRIGGER when: general Ethereum tooling/ecosystem questions (use ethskills skill), or Noir/ZK circuits (use noir skill).
Automated tech debt scanning, classification, and cost-of-delay prioritization. TRIGGER when: user asks to find tech debt, audit code quality, prioritize refactoring, track debt trends, or assess code health; user runs /tech-debt or /debt-scan. DO NOT TRIGGER when: writing new features, doing code review (use code-review skill), debugging specific bugs.