Can I run the audit on a specific part of my project?

Yes, by providing arguments to the skill, you can focus the security reviewer agent on specific directories, files, or functional areas.

How are the security findings reported?

Findings are categorized into critical, high, medium, and low severity levels, allowing you to prioritize fixing the most dangerous vulnerabilities first.

Which package managers does the security audit support?

The skill can execute dependency audits for common ecosystems including npm, pip, and cargo, checking for known vulnerabilities in your project's third-party libraries.

Does this skill help with credential management?

Yes, one of the primary steps is scanning the codebase for hardcoded secrets, API keys, and other sensitive credentials that should not be in source control.

Does it check for common web vulnerabilities?

The skill specifically reviews the codebase for OWASP Top 10 vulnerabilities, covering risks like injection, broken access control, and security misconfigurations.

Security Audit

Name: Security Audit
Author: andrehrferreira

byandrehrferreira

0•

安全与测试

Performs comprehensive security assessments by scanning dependencies, identifying hardcoded secrets, and evaluating code against OWASP standards.

The Security Audit skill transforms Claude into a specialized security reviewer capable of conducting deep-dive inspections of your codebase. It automates the detection of vulnerabilities by running dependency audits across various package managers (npm, pip, cargo), scanning for exposed API keys or credentials, and analyzing authentication patterns. By evaluating the code against the OWASP Top 10 and providing findings categorized by severity, this skill helps developers proactively harden their applications and prevent security breaches before deployment.

主要功能

01Deep scanning for hardcoded secrets, API keys, and credentials

02Automated dependency auditing for npm, pip, cargo, and more

03Comprehensive OWASP Top 10 vulnerability assessment

040 GitHub stars

05Review of authentication and authorization implementation patterns

06Severity-categorized reporting (Critical to Low) for prioritized remediation

使用场景

01Performing a pre-deployment security health check for production code

02Auditing third-party libraries for known vulnerabilities and security patches

03Conducting targeted security reviews on authentication and data-handling modules

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add andrehrferreira/claude-net security-audit

For use in Claude.ai and ChatGPT

主要功能

01Deep scanning for hardcoded secrets, API keys, and credentials

02Automated dependency auditing for npm, pip, cargo, and more

03Comprehensive OWASP Top 10 vulnerability assessment

040 GitHub stars

05Review of authentication and authorization implementation patterns

06Severity-categorized reporting (Critical to Low) for prioritized remediation

使用场景

01Performing a pre-deployment security health check for production code

02Auditing third-party libraries for known vulnerabilities and security patches

03Conducting targeted security reviews on authentication and data-handling modules

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add andrehrferreira/claude-net security-audit

For use in Claude.ai and ChatGPT