security-audit

Scan code for security vulnerabilities and secrets. Detects exposed API keys, passwords, insecure patterns, and common vulnerabilities.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "security-audit" with this command: npx skills add winsorllc/upgraded-carnival/winsorllc-upgraded-carnival-security-audit

Security Audit

Scan code for security vulnerabilities and secrets. Detects exposed API keys, passwords, insecure patterns, and common vulnerabilities.

Setup

No additional setup required.

Usage

Scan for Secrets

{baseDir}/security-audit.js --scan --path /path/to/code

Check for Vulnerabilities

{baseDir}/security-audit.js --vulns --path /path/to/code

Full Audit

{baseDir}/security-audit.js --full --path /path/to/code

Options

Option Description Required

--scan

Scan for secrets No

--vulns

Check for vulnerabilities No

--full

Full security audit No

--path

Path to scan Yes

--output

Output format (json, text) No

Detected Patterns

Secrets

  • AWS keys: AKIA...

  • GitHub tokens: ghp_... , gho_...

  • Generic API keys

  • Private keys (RSA, DSA, EC)

  • Database connection strings

  • JWT tokens

Vulnerabilities

  • SQL injection patterns

  • Command injection patterns

  • Path traversal

  • Hardcoded passwords

  • Weak cryptographic algorithms

  • Insecure random

Output Format

{ "secrets": [ { "file": "config.js", "line": 10, "type": "api_key", "context": "apiKey = '..." } ], "vulnerabilities": [ { "file": "app.js", "line": 25, "type": "sql_injection", "message": "Potential SQL injection" } ] }

When to Use

  • Pre-commit security checks

  • CI/CD security scanning

  • Code review assistance

  • Detecting accidental secret exposure

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

security scanner

No summary provided by upstream source.

Repository SourceNeeds Review
3-winsorllc
Security

git-security

No summary provided by upstream source.

Repository SourceNeeds Review
3-winsorllc
General

vector-memory

No summary provided by upstream source.

Repository SourceNeeds Review
35-winsorllc
General

model-router

No summary provided by upstream source.

Repository SourceNeeds Review
19-winsorllc