security-auditor

by zhaono1

security-auditor is a lightweight OWASP-focused skill for code audits, vulnerability triage, secret checks, and structured security reporting with helper scripts and references.

Stars0

Favorites0

Comments0

AddedMar 31, 2026

CategorySecurity Audit

Install Command

npx skills add zhaono1/agent-playbook --skill security-auditor

Curation Score

This skill scores 68/100, which means it is acceptable to list for directory users who want a lightweight security-review aid, but they should expect a mostly checklist-and-grep driven workflow rather than a deeply operational audit system.

68/100

Strengths

Strong triggerability: SKILL.md clearly says to use it for security audits, vulnerability reviews, and OWASP-related requests.
Provides real reusable artifacts: OWASP/checklist/remediation references plus two runnable scripts for secret scanning and audit report generation.
Gives concrete audit starting points with category-based grep commands across OWASP Top 10 areas, reducing guesswork versus a generic prompt.

Cautions

Operational depth is limited: the included scripts are lightweight and one mainly generates a report template rather than performing substantive analysis.
Install/adoption clarity is only moderate: no install command in SKILL.md and little guidance on how to adapt checks beyond generic src/ grep patterns.

Claude Code Security Audit Python Cli Workflow

Overview

Overview of security-auditor skill

What security-auditor does

The security-auditor skill is a focused security review aid for code audits and vulnerability triage. It is built around OWASP Top 10 coverage, lightweight repository checks, and a simple reporting workflow rather than deep automated scanning. If you want an AI assistant to inspect application code for common security weaknesses, suggest likely findings, and structure an audit report, this skill is a practical starting point.

Who should use the security-auditor skill

Best fit readers are developers, security-minded reviewers, tech leads, and agent users who need a fast first-pass audit on an existing codebase. The security-auditor skill is especially useful when you want more structure than a generic “review this code for vulnerabilities” prompt, but do not need a full SAST platform.

Real job-to-be-done

Most users are not looking for a theory lesson on OWASP. They want to answer questions like:

What should I check first in this repo?
Are there obvious auth, secret, injection, or configuration risks?
Can I get findings in a report format I can hand to a team?
What concrete evidence should I gather before calling something a vulnerability?

This skill helps with that workflow.

What makes this skill different

The main differentiator is that security-auditor combines:

activation rules for security-review requests
OWASP-oriented checklists and grep-style inspection patterns
helper scripts for secret finding and report generation
reference files for checklist, OWASP categories, and remediation steps

That makes it more usable than a bare prompt, even though it is still lightweight and analyst-driven.

What it does not replace

This is not a substitute for:

dependency scanners
DAST tools
infrastructure and cloud posture review
manual exploit validation
language-specific secure coding expertise for every stack

Use security-auditor for Security Audit when you need a guided review layer, not a complete security program.

How to Use security-auditor skill

security-auditor install options

If your skills workflow supports GitHub installs, the practical install path is:

npx skills add https://github.com/zhaono1/agent-playbook --skill security-auditor

If you already use the repository locally, review the skill under skills/security-auditor/.

Read these files first

For fastest adoption, read in this order:

SKILL.md
README.md
references/checklist.md
references/owasp.md
references/remediation.md
scripts/find_secrets.py
scripts/security_audit.py

This reading order tells you scope first, then the audit checklist, then remediation expectations, then the helper automation.

What inputs the skill needs

The security-auditor usage quality depends heavily on scope. Give it:

repository path or target files
app type and stack
trust boundaries
sensitive assets
auth model
deployment context
what “done” means for this audit

A weak request is: Audit this repo for security issues.

A stronger request is: Audit the API service in ./backend for OWASP Top 10 issues. Focus on auth, IDOR, secrets exposure, SSRF, and unsafe deserialization. Assume this service handles customer billing data and uses JWT auth. Return findings with severity, file evidence, exploit path, and remediation.

How the skill activates in practice

The repository indicates the skill activates on requests involving:

security audit
vulnerabilities
security review
OWASP-related checks

In practice, be explicit. Mention the target, risk areas, and desired output format so the agent does not stay at a generic advice level.

Turn a rough goal into a better prompt

Use this pattern for better security-auditor guide results:

Scope: which service, folder, or PR
Risk focus: auth, secrets, injection, SSRF, crypto, logging
Evidence standard: cite files, routes, config, or commands
Output: table of findings with severity and fixes
Constraints: no speculative issues without code evidence

Example:
Use security-auditor on ./src and ./config. Check for OWASP Top 10 issues, especially broken access control, hardcoded secrets, weak hashing, and unsafe external requests. For each finding, cite the exact file and code path, explain the impact, and propose the smallest safe fix.

Use the included scripts

The repository includes two practical helpers:

Run the secret scanner:

python scripts/find_secrets.py .

Generate an audit report template:

python scripts/security_audit.py --name "payments-api" --owner "platform-security"

These scripts are simple, but useful. find_secrets.py catches a few common credential patterns. security_audit.py gives you a structured report so findings are easier to hand off.

What the scripts can and cannot do

The secret scanner is intentionally lightweight. It searches text files for a small set of known patterns such as AWS-style keys, Google API keys, and sk- style tokens. It will miss many secret formats and may also flag non-production examples.

The report generator does not perform analysis. It creates a markdown audit skeleton with scope, ownership, threat model, findings, remediation, and evidence sections.

Suggested workflow for a real audit

A practical security-auditor usage flow looks like this:

Define audit scope and critical assets.
Ask the agent to inspect high-risk areas first: auth, routes, config, secrets, outbound calls.
Run scripts/find_secrets.py for a quick credential pass.
Use the checklist in references/checklist.md to avoid obvious omissions.
Map candidate findings to references/owasp.md categories.
Draft remediation using references/remediation.md.
Generate or fill security-audit.md with verified findings only.

This sequence keeps the audit grounded in evidence instead of generic warning lists.

High-value repo patterns to inspect first

This skill is most effective when you point it at likely security hotspots:

route handlers and controllers
auth middleware
config and environment loading
file upload logic
URL fetchers and webhook handlers
serialization and template rendering
dependency manifests
logging and monitoring code

If you ask the skill to review an entire monorepo at once, results usually get shallower.

Best use cases for security-auditor for Security Audit

Use security-auditor for Security Audit when you need:

a first-pass security review before merge or release
a structured audit of a small or medium codebase
an OWASP-oriented review of API or web app logic
evidence-backed findings for engineering follow-up
a lightweight complement to manual review

When ordinary prompting may be enough

If you only need a one-off explanation of a single suspicious function, a normal prompt may be enough. The value of security-auditor appears when you need repeatable coverage, repository guidance, checklists, and a documented report path.

security-auditor skill FAQ

Is security-auditor good for beginners

Yes, with one caveat: beginners benefit from the checklist and OWASP framing, but they still need to verify findings. The skill helps you ask better questions and inspect common failure points, but it does not guarantee exploitability or business impact by itself.

Does the security-auditor skill scan dependencies

Not directly. The references mention dependency vulnerability scanning as part of review, but the included scripts do not perform package audit work. You should pair this skill with ecosystem-native tools such as npm audit, pip-audit, cargo audit, or equivalent scanners.

Is it only for web applications

Mostly, that is the strongest fit. The repository is centered on OWASP Top 10 categories like broken access control, injection, misconfiguration, and SSRF, which are most natural for web apps and APIs. It can still help on adjacent services, but its examples and checks are web-oriented.

How is this different from a generic security prompt

A generic prompt depends on the model to invent a method. The security-auditor skill gives the agent a clearer audit frame, explicit OWASP categories, supporting references, and scripts for common tasks. That reduces setup guesswork and makes outputs more consistent.

When should I not use security-auditor

Skip this skill if you need:

binary analysis
cloud IAM assessment
container hardening review
exploit development
compliance-only documentation without code review
a high-confidence automated scanner replacement

It is also a weak fit for teams expecting deep language-specific static analysis out of the box.

Does security-auditor provide remediation help

Yes, but at a light level. references/remediation.md gives a basic fix flow: reproduce, identify impact, patch, add tests, and document the change. The skill is better at structuring remediation than at providing framework-specific secure code patches for every stack.

How to Improve security-auditor skill

Give sharper scope to security-auditor

The biggest quality lever is scope definition. Tell security-auditor:

which folders matter
what data is sensitive
who can access what
which external systems are trusted
which findings deserve priority

Without this, the skill may default to generic OWASP commentary.

Ask for evidence, not just findings

A better prompt asks for:

exact file paths
code snippets or line references
attack preconditions
realistic impact
confidence level
minimal remediation

This reduces false positives and makes the output usable by engineers.

Use severity and exploitability filters

Not every code smell is worth escalation. Ask the skill to separate:

confirmed vulnerability
likely weakness needing validation
hardening suggestion
non-issue after context review

That keeps your audit report from becoming a noisy list of theoretical concerns.

Pair the skill with repository-native tools

security-auditor install is only the first step. To improve output quality, combine it with:

test suites
dependency audit tools
framework security linters
secret managers and config review
runtime logs or request traces when available

The skill becomes more valuable when it can reason over real project evidence.

Common failure modes

The main failure modes are:

auditing too broad a scope at once
reporting generic OWASP issues without code proof
missing business logic context around authorization
overtrusting the lightweight secret scanner
treating report templates as completed analysis

Most of these are solved by tighter prompts and narrower review targets.

Iterate after the first pass

A good workflow is:

Ask for candidate findings.
Challenge each finding for evidence and exploit path.
Request remediation options with tradeoffs.
Ask for missing test cases.
Re-run on patched files only.

That iterative loop improves precision far more than a single broad audit prompt.

Strengthen prompts with examples of acceptable output

If you want a usable report, say so explicitly. Example:

Use security-auditor to review ./api. Return a table with Severity, OWASP Category, File, Evidence, Impact, Remediation, and Confidence. Only include findings tied to concrete code or config. Add a short "needs manual validation" section for suspicious patterns that are not yet proven.

This usually produces a better audit artifact than simply asking whether the code is secure.

Improve the skill with your own references

If you adopt this skill regularly, the easiest upgrade is to extend its references with:

stack-specific secure coding rules
org-approved severity definitions
remediation examples for your framework
internal review checklists
known risky modules and auth patterns

That turns security-auditor from a general OWASP helper into a workflow that matches your environment.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

audit-website

by squirrelscan

The audit-website skill uses the squirrel CLI to audit websites and webapps across 230+ rules for SEO, technical, content, performance, security, links, and site health, then returns actionable LLM-ready reports.

UX Audit

Favorites 0GitHub 68

stride-analysis-patterns

by wshobson

stride-analysis-patterns helps agents run a structured STRIDE threat-modeling pass for architectures, APIs, and data flows. Install from the wshobson/agents repo, read the SKILL.md file, and use it to turn system descriptions into categorized threats and control-focused review output.

Threat Modeling

Favorites 0GitHub 32.6k

anti-reversing-techniques

by wshobson

anti-reversing-techniques is a reverse-engineering skill for authorized malware analysis, CTF work, packed binary triage, and security audits. It helps you identify anti-debugging, anti-VM, packing, and obfuscation patterns, then choose a practical analysis workflow using the core skill and advanced reference.

Security Audit

Favorites 0GitHub 32.6k

k8s-security-policies

by wshobson

k8s-security-policies helps teams draft Kubernetes NetworkPolicy, Pod Security Standards labels, and RBAC patterns using repo-backed templates and references for hardening and audit-ready rollout planning.

Security Audit

Favorites 0GitHub 32.6k

secure-linux-web-hosting

by xixu-me

secure-linux-web-hosting helps safely set up or review Linux web hosting with distro-aware routing, SSH hardening, firewall changes, Nginx static or reverse-proxy setup, HTTPS issuance, and validation-first sequencing for Deployment work.

Deployment

Favorites 0GitHub 6

attack-tree-construction

by wshobson

attack-tree-construction helps build structured attack trees for Threat Modeling with clear root goals, AND/OR branches, and testable leaf attacks. Use it to map attack paths, expose defense gaps, and support security review, testing, and mitigation planning.

Threat Modeling

Favorites 0GitHub 32.6k

sast-configuration

by wshobson

The sast-configuration skill helps configure Semgrep, SonarQube, and CodeQL for real SAST workflows. Use it to plan install steps, CI/CD integration, custom rules, quality gates, and false-positive tuning for Security Audit and repo-specific scanning.

Security Audit

Favorites 0GitHub 32.6k

threat-mitigation-mapping

by wshobson

The threat-mitigation-mapping skill helps map identified threats to preventive, detective, and corrective controls across layers, supporting defense-in-depth, remediation planning, and control coverage review.

Threat Modeling

Favorites 0GitHub 32.6k

memory-forensics

by wshobson

memory-forensics skill for RAM capture and dump analysis with Volatility 3. Covers install context, usage workflows, artifact extraction, and incident triage across Windows, Linux, macOS, and VM memory.

Incident Triage

Favorites 0GitHub 32.6k

solidity-security

by wshobson

solidity-security is a focused Solidity audit and secure-coding skill for reviewing reentrancy, access control, unsafe external calls, and remediation patterns. Use it to prepare contracts for Security Audit, improve prompts, and get more structured review output than a generic audit request.

Security Audit

Favorites 0GitHub 32.6k

pci-compliance

by wshobson

Use the pci-compliance skill to guide PCI DSS architecture reviews, scope reduction, gap analysis, and payment data handling decisions. Best for teams designing payment flows, preparing for assessments, or reviewing controls before a compliance review.

Compliance Review

Favorites 0GitHub 32.6k

protocol-reverse-engineering

by wshobson

protocol-reverse-engineering helps agents capture, inspect, and document unknown network protocols using Wireshark, tshark, tcpdump, and MITM workflows. Best for debugging custom client/server traffic, analyzing PCAPs, and mapping message structure, request flow, and field meanings.

Debugging

Favorites 0GitHub 32.6k

binary-analysis-patterns

by wshobson

binary-analysis-patterns is a reverse-engineering skill for interpreting x86-64 disassembly, calling conventions, stack frames, and control flow to support faster binary review and Security Audit work.

Security Audit

Favorites 0GitHub 32.6k

create-colleague

by titanwings

create-colleague turns coworker docs, chats, emails, screenshots, Feishu, and DingTalk data into an editable AI skill with separate work and persona outputs, plus update flows for ongoing refinement.

Skill Authoring

Favorites 0GitHub 747

skill-creator

by anthropics

skill-creator is a Skill Authoring meta-skill for drafting new skills, revising existing SKILL.md files, running evals, comparing variants, and improving trigger descriptions with repository scripts and review tools.

Skill Authoring

Favorites 0GitHub 105.1k