Security Auditor (L3) FAQs

Question 1

Does this skill automatically fix code vulnerabilities?

Accepted Answer

No, the Security Auditor is designed to identify and report issues only. It provides detailed recommendations and effort estimates so that the developer or coordinator can implement fixes safely.

Question 2

How does the scoring algorithm work?

Accepted Answer

It uses a weighted penalty system where critical issues subtract 2.0 points and high-severity issues subtract 1.0. The score starts at 10 and decreases based on the findings.

Question 3

Can I use this as a standalone security tool?

Accepted Answer

While it can run independently, it is optimized to work as an L3 worker within the ln-620 coordinator pipeline for comprehensive codebase auditing.

Question 4

What vulnerabilities does the Security Auditor detect?

Accepted Answer

The skill scans for five primary categories: hardcoded secrets, SQL injection patterns, XSS vulnerabilities, insecure dependencies with known CVEs, and missing input validation.

Question 5

Is this skill compatible with my tech stack?

Accepted Answer

Yes, it is tech-stack aware. It uses the contextStore to adapt its scanning patterns for languages like TypeScript, Python, Java, PHP, and frameworks like React or Express.

Security Auditor (L3)

关于

主要功能

使用场景

Security Auditor (L3)

关于

主要功能

使用场景