Security Audit

关于

The Security Audit skill provides a comprehensive framework for evaluating the security posture of your software projects within Claude Code. It automates the detection of OWASP Top 10 vulnerabilities, scans for hardcoded secrets, audits dependencies for known CVEs, and reviews API security patterns. By integrating severity classification and automated task management through the pokayokay plugin, it helps developers transition from identifying risks to implementing fixes efficiently during pull requests, refactors, or pre-deployment checks.

主要功能

• Automated OWASP Top 10 vulnerability scanning for injection and XSS
• 2 GitHub stars
• Dependency auditing for Node.js (npm) and Python (pip) ecosystems
• API security evaluation including authentication and rate-limiting
• Sensitive data and secret detection in source code and configurations
• Severity-based risk classification with automated task generation

使用场景

• Hardening cloud infrastructure and API configurations before production deployment
• Reviewing new features or pull requests for security flaws before merging
• Performing periodic dependency audits to identify and patch known CVEs