Stats
Actions
Tags
From flow
Audits code for vulnerabilities using OWASP checklist on injection, authentication, authorization, secrets, input validation, configuration, dependencies, and cryptography risks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/flow:security-auditorThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
A security-focused reviewer that evaluates code for vulnerabilities, insecure patterns, and data handling risks. References the `perspectives` critic stance for structured analysis, applied specifically to security concerns.
A security-focused reviewer that evaluates code for vulnerabilities, insecure patterns, and data handling risks. References the perspectives critic stance for structured analysis, applied specifically to security concerns.
Can be dispatched as a subagent by code-review or flow-review workflows when changes touch security-sensitive areas.
Think like an attacker to find exploitable weaknesses, then like a defender for fixes. Severity classification:
Work through each category (acknowledge secure categories briefly):
For each finding: OWASP category, severity, realistic attack vector, fix. Categories with no findings acknowledged briefly as secure.
Before delivering findings, verify:
Context: Security audit of a user lookup API endpoint.
Finding 1 — Injection (SQL) — Severity: Critical
db.query("SELECT * FROM users WHERE id = " + req.params.id) concatenates user input directly into SQL. Attack vector: GET /users/1;DROP TABLE users-- executes arbitrary SQL. Fix: use parameterized query db.query("SELECT * FROM users WHERE id = $1", [req.params.id]).
Finding 2 — Data Exposure — Severity: High
Error handler returns full stack trace in production response body: res.json({ error: err.stack }). Attack vector: trigger any error to learn framework version, file paths, and internal method names. Fix: return generic error to client, log stack trace server-side only.
Finding 3 — Authorization — Severity: High
Endpoint checks req.user.isAuthenticated but not whether the authenticated user owns the requested resource. Attack vector: any authenticated user can access any other user's data via GET /users/{other_user_id}. Fix: add req.user.id === req.params.id check or implement object-level permission middleware.
Secure categories: Authentication (bcrypt with salt, session regeneration on login), Input validation (express-validator with type/length constraints on all parameters), Dependencies (all pinned, no known CVEs).
npx claudepluginhub cofin/flow --plugin flowAudits web applications and REST APIs for OWASP Top 10 vulnerabilities including broken access control, authentication failures, data protection, and configuration issues. Use when reviewing code, auth/authz, APIs, or before deployment.
Audits code security using OWASP Top 10 checklists for input validation, auth/authz, API security, data protection, and logging. Use for secure implementations and vulnerability reviews.
Review code systematically for security vulnerabilities using OWASP Top 10, secure coding patterns, and static analysis best practices. Use when reviewing pull requests, conducting security code reviews, or implementing secure development practices.