Does this skill check for OWASP Top 10 vulnerabilities?

Yes, it specifically covers major categories like injection, broken access control, cryptographic failures, and insecure design.

How does it handle third-party dependency risks?

The skill guides you through checking for known vulnerabilities in libraries using tools like npm audit or snyk, and identifies significantly outdated packages.

What kind of output can I expect from a security review?

It provides a systematic report categorizing findings by severity (Critical, High, Medium, Low) along with clear remediation steps and positive security practices.

Is this skill suitable for auditing authentication systems?

Absolutely. It verifies credential management, secure session handling (like HttpOnly and SameSite flags), and the implementation of MFA/2FA.

Can it identify hardcoded secrets in my repository?

Yes, it includes specialized checks to confirm that API keys, secrets, and credentials are not committed to the repository and suggests using environment variables.

Security Audit

Name: Security Audit
Author: s-hiraoku

bys-hiraoku

0•

セキュリティとテスト

Conducts comprehensive security reviews and vulnerability assessments following OWASP standards and industry best practices.

The Security Audit skill provides a structured framework for auditing codebases, focusing on the OWASP Top 10, dependency vulnerabilities, and secure data handling. It helps developers identify critical flaws such as SQL injection, broken access control, and plaintext credential storage while offering actionable remediation steps. Ideal for pre-deployment reviews or periodic security assessments, it ensures that applications meet modern security requirements for authentication, authorization, and secret management.

主な機能

01Secret management checks to prevent credential exposure

02Comprehensive authentication and session management validation

03Automated dependency vulnerability and outdated package scanning

040 GitHub stars

05OWASP Top 10 vulnerability identification and analysis

06Severity-based reporting with clear remediation instructions

ユースケース

01Auditing third-party dependencies for known security vulnerabilities

02Validating that sensitive data handling and storage follow encryption standards

03Performing a comprehensive security review before merging major feature branches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add s-hiraoku/synapse-a2a security-audit

For use in Claude.ai and ChatGPT

Download Skill