SKILL.md

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

authentication implementation

authorization logic

payment processing

user data handling

API endpoint creation

file upload handling

database queries

external API integration

When to Skip

read-only operations on public data

internal development tooling

static documentation

styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

npx @claude-flow/cli security scan --depth full

Example:

npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

npx @claude-flow/cli security scan --check input-validation

Example:

npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

npx @claude-flow/cli security cve --scan

Example:

npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

npx @claude-flow/cli security audit --report

Example:

npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

npx @claude-flow/cli security validate --check secrets

Scripts

Script

Path

Description

security-scan

.agents/scripts/security-scan.sh

Run full security scan pipeline

cve-remediate

.agents/scripts/cve-remediate.sh

Auto-remediate known CVEs

References

Document

Path

Description

Security Checklist

docs/security-checklist.md

Security review checklist

OWASP Guide

docs/owasp-top10.md

OWASP Top 10 mitigation guide

Best Practices

Check memory for existing patterns before starting

Use hierarchical topology for coordination

Store successful patterns after completion

Document any new learnings

security-audit

SKILL.md

Security Audit Skill

Purpose

When to Trigger

When to Skip

Commands

Full Security Scan

Input Validation Check

Path Traversal Check

SQL Injection Check

XSS Check

CVE Scan

Security Audit Report

Threat Modeling

Validate Secrets

Scripts

References

Best Practices

Stop writing automation&scrapers

security-audit

SKILL.md

Security Audit Skill

Purpose

When to Trigger

When to Skip

Commands

Full Security Scan

Input Validation Check

Path Traversal Check

SQL Injection Check

XSS Check

CVE Scan

Security Audit Report

Threat Modeling

Validate Secrets

Scripts

References

Best Practices

Let your agent run on any real-world website

Related skills

Stop writing automation&scrapers