Can I target specific files or folders?

Absolutely. You can provide specific file paths or directory names as arguments to limit the scope of the security audit.

How does the skill help fix security issues?

Every identified vulnerability in the report includes remediation guidance and code examples to help you implement the correct security controls.

Can I audit only my current changes before committing?

Yes, you can use the --staged flag to perform a security audit specifically on code changes currently staged in your Git repository.

What security standards does this audit skill follow?

The skill focuses on identifying vulnerabilities listed in the OWASP Top 10 and Common Weakness Enumerations (CWE), as well as general security anti-patterns.

Does it support Pull Request reviews?

Yes, by using the --pr argument, the skill audits the diff between your current branch and the main branch to ensure no new vulnerabilities are introduced.

Security Auditor

Name: Security Auditor
Author: melodic-software

bymelodic-software

•

安全与测试

Conducts comprehensive security audits on source code to identify vulnerabilities based on OWASP Top 10 and CWE standards.

The Security Audit skill empowers developers to proactively secure their codebase by identifying critical vulnerabilities, including OWASP Top 10 risks and Common Weakness Enumerations (CWE). By analyzing current directories, specific files, staged Git changes, or pull requests, it provides a detailed, structured report featuring severity assessments and actionable remediation guidance with code examples. This tool ensures that security is integrated early in the development lifecycle, helping teams maintain robust and resilient applications through automated, AI-driven analysis.

主要功能

01Automated OWASP Top 10 and CWE vulnerability scanning

02Structured reporting with Critical, High, Medium, and Low severity counts

03Auditing for staged Git changes and active Pull Requests

04Actionable remediation guidance including code examples for fixes

05Identification of positive security controls and best practices

0638 GitHub stars

使用场景

01Pre-commit security checks to prevent vulnerabilities from reaching the repository

02Automated security reviews of Pull Requests before merging into production

03Regular compliance audits to identify legacy security anti-patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins audit

For use in Claude.ai and ChatGPT

Download Skill