Does it provide remediation advice?

Yes, the skill generates a detailed report including exact file paths, line numbers, and before-and-after code examples to help you fix identified vulnerabilities.

Where are the security audit reports saved?

Reports are automatically saved to your project directory under /docs/security/ with a unique timestamp to prevent overwriting previous scans.

Can I target specific files or URLs with this command?

The /security-audit command is designed to be interactive and analyzes the current codebase context automatically to ensure no configuration steps are skipped for a thorough audit.

What does the Security Audit skill check for?

It scans for SQL injection, XSS, authentication bypasses, insecure configurations, hardcoded secrets, and OWASP Top 10 compliance issues across your entire codebase.

Why does it check .claude/settings.json before starting?

It ensures your environment has proper file denial rules configured to prevent the AI from accidentally reading sensitive files like credentials or environment variables during the audit.

Security Audit & OWASP Compliance

Name: Security Audit & OWASP Compliance
Author: charlesjones-dev

bycharlesjones-dev

•

セキュリティとテスト

Performs deep security analysis of codebases to identify vulnerabilities, OWASP Top 10 risks, and insecure architectural patterns.

The Security Audit skill acts as a comprehensive security expert within Claude Code, automating the detection of critical vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication flaws. It proactively validates project configurations, reviews dependency security, and ensures compliance with OWASP Top 10 standards. By providing actionable remediation guidance and detailed markdown reports with line-number accuracy, it helps developers build secure-by-design applications and maintain a robust defensive posture throughout the development lifecycle.

主な機能

01Deep architectural review of authentication, authorization, and session management

02Dependency analysis to identify known vulnerabilities in third-party packages

03Prioritized remediation roadmaps with before-and-after code examples

0429 GitHub stars

05Automated OWASP Top 10 vulnerability scanning and compliance reporting

06Pre-audit security configuration verification to prevent sensitive data leaks

ユースケース

01Auditing new feature implementations for potential injection or business logic flaws

02Generating standardized security audit reports for compliance documentation

03Conducting a full security review before a major production release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add charlesjones-dev/claude-code-plugins-dev security-audit

For use in Claude.ai and ChatGPT

Download Skill