Stats
Actions
Tags
From skill-security
Use when conducting a security review of a codebase using an agent team with deterministic tools and expert analysis. Triggers on requests to review, audit, or assess security posture of a repository.
How this skill is triggered — by the user, by Claude, or both
Slash command
/skill-security:security-reviewThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Create an agent team to conduct a phased security review: project analysis, deterministic tool scanning, parallel expert triage, report writing, and consensus-driven round table. Produces a markdown report with confirmed findings, severity ratings, and an appendix of uncertain items.
Create an agent team to conduct a phased security review: project analysis, deterministic tool scanning, parallel expert triage, report writing, and consensus-driven round table. Produces a markdown report with confirmed findings, severity ratings, and an appendix of uncertain items.
The following tools must be installed on the host machine:
All artifacts are written to security-review/ in the project root:
security-review/
├── raw/ # Phase 1
│ ├── project-overview.md # Architecture briefing
│ ├── semgrep-results.json # Raw semgrep output
│ ├── trufflehog-results.json # Raw trufflehog output
│ └── trivy-results.json # Raw trivy output
├── triage/ # Phase 2
│ ├── sast-triage.md # SAST true/false positive analysis
│ ├── dependency-triage.md # Exploitable dependency analysis
│ ├── targeted-expert.md # High-risk area findings
│ └── broad-expert.md # General security findings
├── roundtable/ # Phase 4
│ ├── discussion-prompt.md
│ ├── *-feedback.md # Per-agent feedback
│ └── round-N-prompt.md # Subsequent debate prompts
├── report-draft.md # Phase 3
└── report-final.md # Phase 4 final output
Phase 1a: [Project Analyst]
|
Phase 1b: [Tool Runner]
|
┌────┼────────────┬──────────────┐
Phase 2: [SAST ] [Dep ] [Targeted ] [Broad ]
[Triage ] [Triage ] [Expert ] [Expert ]
└────┬────────────┴──────────────┘
|
Phase 3: [Report Writer]
|
Phase 4: [Round Table Moderator]
┌────┼────────────┬──────────────┐
[SAST ] [Dep ] [Targeted ] [Broad ]
[Triage ] [Triage ] [Expert ] [Expert ]
└────┬────────────┴──────────────┘
|
[Moderator finalizes report]
Key: Phase 2 agents are persistent team members. They do their triage work, go idle, then participate in the round table when the moderator creates feedback tasks.
You are the team lead. You create the team, spawn members, create tasks with dependencies, and monitor progress.
mkdir -p security-review/raw security-review/triage security-review/roundtable
Then create the team:
TeamCreate: team_name="security-review", description="Security review of [project name]"
Create tasks with dependency chains so agents can self-coordinate. Use agent-prompts.md for the detailed prompt content — pass the relevant section as the agent's initial prompt when spawning.
| Task | Subject | blockedBy |
|---|---|---|
| T1 | Phase 1a: Analyze project and write overview | — |
| T2 | Phase 1b: Run security tools and save output | T1 |
| T3 | Phase 2: Triage SAST findings | T2 |
| T4 | Phase 2: Triage dependency findings | T2 |
| T5 | Phase 2: Targeted security expert review | T2 |
| T6 | Phase 2: Broad security expert review | T2 |
| T7 | Phase 3: Write draft report | T3, T4, T5, T6 |
| T8 | Phase 4: Moderate round table | T7 |
Do not create round table feedback tasks yet. The moderator will create those in Phase 4 after writing the discussion prompt.
Spawn agents using the Agent tool with team_name="security-review". Use prompts from agent-prompts.md.
Phase 1 (sequential):
project-analyst — assign T1tool-runner — assign T2Phase 2 (parallel — spawn all four after T2 completes):
3. Spawn sast-triage — assign T3
4. Spawn dep-triage — assign T4
5. Spawn targeted-expert — assign T5
6. Spawn broad-expert — assign T6
Phase 3 (after all Phase 2 tasks complete):
7. Spawn report-writer — assign T7
Phase 4:
8. Spawn roundtable-moderator — assign T8
The round table uses the team's task system for multi-agent debate:
security-review/roundtable/discussion-prompt.mdsecurity-review/roundtable/security-review/report-final.mdAfter report-final.md is written:
security-review/report-final.mdPhase 2 agents stay alive as idle team members after their triage work. When the moderator creates round table feedback tasks, the same agents pick them up with their full analysis context intact.
If a Phase 2 agent's context is too full to take on round table feedback:
| Mistake | Fix |
|---|---|
| Spawning new agents for round table | Phase 2 agents are persistent — assign them feedback tasks |
| Creating all tasks including round table upfront | Moderator creates feedback tasks dynamically after writing discussion prompt |
| Running Phase 2 before tool output exists | Task dependencies (blockedBy) handle gating automatically |
| Letting agents explore the codebase themselves | All agents read project-overview.md first |
| Skipping round table for small finding count | Always run round table — even 2 findings benefit from cross-review |
| Forgetting to shut down team members | Send shutdown messages and call TeamDelete when done |
npx claudepluginhub cloudsecuritypartners/skills --plugin skill-securityOrchestrates parallel agents for security code audits (OWASP/CWE), secrets scanning, and dependency CVE checks on codebases, staged changes, or PRs.
Orchestrates a white-box security audit with parallel isolated blue-team and red-team passes, then synthesizes findings into prioritized targets for deep-dive exploitation. Heavy and thorough by design.
Scans local projects for dependency vulnerabilities (SCA), code security patterns (SAST), leaked secrets, auth/crypto flaws, misconfigs, supply chain risks, CI/CD issues. Generates prioritized report with remediation guidance.