Name: security-audit
Author: netresearch

security-audit

Run OWASP Top 10, CWE Top 25, and CVSS v4.0 security audits across PHP/TYPO3, APIs, frontend, IaC, cloud (AWS/Azure/GCP), AI agent configs, and dependencies. Enforce commit policies with a Python guard script that blocks rejected commit messages.

Security Audit Skill

Security audit patterns (OWASP Top 10, CWE Top 25 2025, CVSS v4.0) and GitHub project security checks for any project. Deep automated PHP/TYPO3 code scanning with 80+ checkpoints, 19 reference guides, and PreToolUse warnings.

Compatibility

This is an Agent Skill following the open standard originally developed by Anthropic and released for cross-platform use.

Supported Platforms:

Claude Code (Anthropic)
Cursor
GitHub Copilot
Other skills-compatible AI agents

Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification.

Features

Vulnerability Assessment: XXE injection, SQL injection, XSS, CSRF, command injection, path traversal, file upload vulnerabilities, insecure deserialization, SSRF, type juggling, SSTI, JWT flaws, LDAP injection, email header injection, session fixation
Risk Scoring: CVSS v3.1 and v4.0 scoring methodology, risk matrix assessment, impact and likelihood analysis, prioritization frameworks
Secure Coding: Input validation, output encoding, cryptographic best practices (sodium), session management, authentication patterns, security headers
Standards Compliance: OWASP Top 10, CWE Top 25 (2025), OWASP ASVS v4.0, Proactive Controls — applicable to any project
PHP/TYPO3 Deep Scanning: 80+ automated checkpoints, PHP 8.x security features, framework patterns (TYPO3, Symfony, Laravel)
DevSecOps: CI/CD security pipeline, SAST, dependency scanning, supply chain security, SLSA

Installation

Marketplace (Recommended)

Add the Netresearch marketplace once, then browse and install skills:

# Claude Code
/plugin marketplace add netresearch/claude-code-marketplace

npx (skills.sh)

Install with any Agent Skills-compatible agent:

npx skills add https://github.com/netresearch/security-audit-skill --skill security-audit

Download Release

Download the latest release and extract to your agent's skills directory.

Git Clone

git clone https://github.com/netresearch/security-audit-skill.git

Composer (PHP Projects)

composer require netresearch/security-audit-skill

Requires netresearch/composer-agent-skill-plugin.

npm (Node Projects)

npm install --save-dev \
  @netresearch/agent-skill-coordinator \
  github:netresearch/security-audit-skill

Requires @netresearch/agent-skill-coordinator, which discovers the skill in node_modules and registers it in AGENTS.md via a postinstall hook. For pnpm, also allowlist the coordinator's postinstall:

{
  "pnpm": {
    "onlyBuiltDependencies": ["@netresearch/agent-skill-coordinator"]
  }
}

Usage

This skill is automatically triggered when:

Conducting security assessments
Identifying vulnerabilities (XXE, SQL injection, XSS, CSRF, command injection)
Scoring security risks with CVSS v3.1 or v4.0
Implementing secure coding practices
Auditing PHP applications for security issues
Reviewing code for OWASP Top 10 vulnerabilities
Setting up CI/CD security pipelines

Example queries:

"Audit this code for XXE vulnerabilities"
"Check for SQL injection risks"
"Score this vulnerability using CVSS v4.0"
"Review authentication implementation for security flaws"
"Implement secure XML parsing"
"What security headers should this application set?"

security-audit

Popularity

What's Inside

README

Security Audit Skill

Compatibility

Features

Installation

Marketplace (Recommended)

npx (skills.sh)

Download Release

Git Clone

Composer (PHP Projects)

npm (Node Projects)

Usage

Structure

Confidence

Similar Plugins

owasp-compliance-checker

cyber-neo

fuse-security

ai-security

security-guidance

soundcheck

More by netresearch

jira

agent-rules

php-modernization

git-workflow

context7