From code-audit
Reviews API and infrastructure security configuration, including endpoints, headers, transport, and deployment settings. Use when auditing API or infrastructure hardening.
Slash command: `/code-audit:api-and-infrastructure [path or scope]`
**Target:** $ARGUMENTS
If no target path is given above, review the entire codebase.
Review API-specific security configurations.
Check for:
- CORS configuration: wildcard or reflected `Access-Control-Allow-Origin`, the `null` origin accepted, `Access-Control-Allow-Credentials: true` for untrusted origins, missing `Vary: Origin`
- Rate Limiting: unthrottled authentication, token-issuing and expensive endpoints; limits keyed on spoofable client identifiers such as an unvalidated `X-Forwarded-For`
- API Versioning security: deprecated versions still reachable, fixes applied to one version only, version selection driven by untrusted input
- Request size limits: body, header, upload and JSON nesting limits, and whether they are enforced before the body is read
- HTTP Security Headers: `Strict-Transport-Security`, `Content-Security-Policy`, `X-Content-Type-Options: nosniff`, `X-Frame-Options`, `Cache-Control: no-store` on authenticated responses; version-disclosing `Server` or `X-Powered-By`
- API key/token management: hardcoded or logged keys, plaintext storage, non-constant-time comparison, missing expiry and rotation, keys passed in URLs
- Error handling: stack traces, internal hostnames, SQL or framework messages in responses; error responses that differ in a way that enables account or resource enumeration
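The weak defaults these items flag, beside a hardened wrapper that applies them, as an added example that is not part of the code-audit skill or of any project it targets. It is a minimal WSGI API using only the standard library; the origin allowlist, body limit, rate-limit parameters, the placeholder API key and the `/v1/boom` failure path are this example's assumptions, and `call()` drives the app in-process with constructed requests so it runs offline.

```python
"""Added example, not part of the code-audit skill: a tiny WSGI API behind a
deliberately weak wrapper and a hardened one that applies the checklist.
Standard library only; origins, limits and the API key are placeholders."""
import hashlib, hmac, io, json, logging, sys, time, traceback, uuid

ALLOWED_ORIGINS = {"https://app.example.com"}                  # assumed allowlist
MAX_BODY = 64 * 1024                                            # assumed body limit
RATE_CAPACITY, RATE_REFILL = 5, 1.0                             # burst 5, refill 1/s
# Keep only digests of issued keys at rest; this key is a constructed placeholder.
API_KEY_DIGESTS = {hashlib.sha256(b"dev-key-not-a-real-secret").hexdigest()}
SECURITY_HEADERS = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
                    ("X-Content-Type-Options", "nosniff"), ("X-Frame-Options", "DENY"),
                    ("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'"),
                    ("Cache-Control", "no-store")]


def api_app(environ, start_response):
    """Hypothetical endpoint; /v1/boom simulates an unhandled backend failure."""
    if environ["PATH_INFO"] == "/v1/boom":
        raise RuntimeError("connection to db-primary.internal:5432 refused")
    if environ["PATH_INFO"] != "/v1/hello":
        start_response("404 Not Found", [("Content-Type", "application/json")])
        return [b'{"error":"not found"}']
    body = environ["wsgi.input"].read(int(environ.get("CONTENT_LENGTH") or 0))
    start_response("200 OK", [("Content-Type", "application/json")])
    return [json.dumps({"hello": body.decode(errors="replace")}).encode()]


def weak_wrapper(app):
    """Before: reflects any Origin with credentials, no auth or limits,
    version-disclosing Server header, stack trace in the 500 body."""
    def wrapped(environ, start_response):
        def sr(status, headers, exc_info=None):
            headers += [("Access-Control-Allow-Origin", environ.get("HTTP_ORIGIN", "*")),
                        ("Access-Control-Allow-Credentials", "true"), ("Server", "api-gateway/2.3.1")]
            return start_response(status, headers, exc_info)
        try:
            return app(environ, sr)
        except Exception:
            sr("500 Internal Server Error", [("Content-Type", "text/plain")], sys.exc_info())
            return [traceback.format_exc().encode()]
    return wrapped


def hardened_wrapper(app, clock=time.monotonic):
    """After: allowlisted CORS, token-bucket rate limit, constant-time key check,
    size limit enforced before the body is read, security headers, generic errors."""
    buckets = {}                                                # client -> (tokens, last)

    def take_token(client):
        tokens, last = buckets.get(client, (RATE_CAPACITY, clock()))
        now = clock()
        tokens = min(RATE_CAPACITY, tokens + (now - last) * RATE_REFILL)
        allowed = tokens >= 1
        buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def wrapped(environ, start_response):
        origin = environ.get("HTTP_ORIGIN")
        cors = []                                               # never reflect, never "*" + credentials
        if origin in ALLOWED_ORIGINS:
            cors = [("Access-Control-Allow-Origin", origin),
                    ("Access-Control-Allow-Credentials", "true"), ("Vary", "Origin")]

        def reply(status, body, extra=(), exc_info=None):
            start_response(status, [("Content-Type", "application/json"),
                                    *SECURITY_HEADERS, *cors, *extra], exc_info)
            return [json.dumps(body).encode()]

        if not take_token(environ.get("REMOTE_ADDR", "unknown")):   # assumes a trusted proxy
            return reply("429 Too Many Requests", {"error": "rate limited"}, [("Retry-After", "1")])
        digest = hashlib.sha256(environ.get("HTTP_X_API_KEY", "").encode()).hexdigest()
        if not any(hmac.compare_digest(digest, d) for d in API_KEY_DIGESTS):
            return reply("401 Unauthorized", {"error": "invalid credentials"})
        if int(environ.get("CONTENT_LENGTH") or 0) > MAX_BODY:      # checked before any read
            return reply("413 Payload Too Large", {"error": "body too large"})
        try:
            def sr(status, headers, exc_info=None):
                return start_response(status, headers + SECURITY_HEADERS + cors, exc_info)
            return app(environ, sr)
        except Exception:
            ref = uuid.uuid4().hex                                  # correlates with the server log
            logging.getLogger(__name__).exception("unhandled error ref=%s", ref)
            return reply("500 Internal Server Error", {"error": "internal error", "ref": ref},
                         exc_info=sys.exc_info())
    return wrapped


def call(app, path="/v1/hello", body=b"", headers=None, addr="203.0.113.5"):
    """Drive a WSGI app in-process with a constructed request -> (status, headers, body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path, "REMOTE_ADDR": addr,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    out = {}

    def start_response(status, hdrs, exc_info=None):
        out["status"], out["headers"] = status, dict(hdrs)
    resp = b"".join(app(environ, start_response))
    return out["status"], out["headers"], resp
```

Ordering in the hardened wrapper is deliberate: the rate limit runs before the credential check so key guessing is throttled, the key is compared as a digest with `hmac.compare_digest` so no plaintext key sits in memory or config, and `Content-Length` is checked before anything touches `wsgi.input`. The 500 handler returns only a correlation id; the trace goes to the server log.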
Output a structured finding report with the following for each issue:
- Title, Severity (Critical/High/Medium/Low), CWE (if applicable), Evidence (file, function, line ranges), and a short Why it matters.
- Exploitability notes and, where safe, a minimal PoC or reproduction steps (no real secrets).
- Remediation: a precise code-level fix or config change (snippets welcome), plus defense-in-depth guidance.
And for the report as a whole:
- A summary risk score (0–10) and the top 3–5 prioritized fixes that reduce risk fastest.
- A checklist diff: which items from the "Check for" list are Pass/Fail/Not Applicable.
Guidelines:
- Be concrete and cite exact code locations and identifiers.
- Prefer minimal, drop-in fix snippets over prose.
- Do not invent files or functions that aren't present; if context is missing, mark the item as Unable to verify and say what code would prove it.
- Write the report to a markdown file in the audits/ folder.
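How the checks and the report format fit together, as an added example that is not the skill's own code: a small auditor over constructed response captures that emits findings in the Title/Severity/CWE/Evidence/Why it matters/Remediation shape, marks checklist items a response alone cannot prove as Unable to verify together with what code would prove them, and renders the markdown. The capture format, the CWE mappings and the capped-sum scoring heuristic are this example's assumptions; the captures are sent with an origin the API must not trust, so an echoed `Access-Control-Allow-Origin` is reflection, not an allowlist match.

```python
"""Added example, not part of the code-audit skill: score captured API
responses against the checklist and render them in the report shape the
skill asks for. Standard library only; the captures are constructed."""
import re

# Constructed captures: (request label, untrusted Origin sent, status, response headers, body).
CAPTURES = [
    ("GET /v1/me", "https://attacker.example", "200 OK",
     {"Content-Type": "application/json", "Server": "api-gateway/2.3.1",
      "Access-Control-Allow-Origin": "https://attacker.example",
      "Access-Control-Allow-Credentials": "true"},
     '{"email":"user@example.com"}'),
    ("GET /v1/boom", "https://attacker.example", "500 Internal Server Error",
     {"Content-Type": "text/plain", "Server": "api-gateway/2.3.1"},
     'Traceback (most recent call last):\n  File "app.py", line 12\n'
     'RuntimeError: db-primary.internal:5432 refused'),
]
WEIGHT = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
# Items a response capture cannot prove on its own, with what code would prove them.
UNVERIFIABLE = {
    "Rate Limiting": "middleware or gateway config keyed on client identity",
    "API Versioning security": "router config showing which versions are reachable",
    "Request size limits": "body-size setting applied before the body is read",
    "API key/token management": "key storage, comparison and rotation code",
}


def _check(h, status, body, origin):
    """Yield (checklist item, title, severity, cwe, why, fix) for one response."""
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao in (origin, "null") or (acao == "*" and creds):
        yield ("CORS configuration", "CORS trusts arbitrary origin", "High", "CWE-942",
               "any site can read authenticated responses cross-origin",
               "match Origin against an allowlist, never reflect it, add Vary: Origin")
    if "strict-transport-security" not in h:
        yield ("HTTP Security Headers", "Missing Strict-Transport-Security", "Medium", "CWE-319",
               "clients can be downgraded to cleartext HTTP", "send HSTS with max-age of a year or more")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        yield ("HTTP Security Headers", "Missing X-Content-Type-Options", "Low", "CWE-693",
               "responses may be MIME-sniffed into scripts", "send X-Content-Type-Options: nosniff")
    if status.startswith("200") and "no-store" not in h.get("cache-control", ""):
        yield ("HTTP Security Headers", "Authenticated response is cacheable", "Low", "CWE-525",
               "shared caches may retain user data", "send Cache-Control: no-store")
    if re.search(r"\d+\.\d+", h.get("server", "") + h.get("x-powered-by", "")):
        yield ("HTTP Security Headers", "Server version disclosed", "Low", "CWE-200",
               "lets attackers target known CVEs", "strip or genericise Server/X-Powered-By")
    if status.startswith("5") and re.search(r"Traceback|\bat \S+\(|Exception:", body):
        yield ("Error handling", "Stack trace in error response", "High", "CWE-209",
               "leaks internals such as hostnames and file paths",
               "return a generic body with a correlation id; log the trace server-side")


def audit(captures):
    """Return (findings sorted by severity, checklist, risk score); findings merge by title."""
    findings = {}
    checklist = {k: "Pass" for k in ("CORS configuration", "HTTP Security Headers", "Error handling")}
    checklist.update({k: f"Unable to verify ({v})" for k, v in UNVERIFIABLE.items()})
    for label, origin, status, headers, body in captures:
        h = {k.lower(): v for k, v in headers.items()}       # header names are case-insensitive
        for item, title, sev, cwe, why, fix in _check(h, status, body, origin):
            checklist[item] = "Fail"
            f = findings.setdefault(title, {"title": title, "severity": sev, "cwe": cwe,
                                            "why": why, "fix": fix, "evidence": []})
            f["evidence"].append(label)
    ordered = sorted(findings.values(), key=lambda f: -WEIGHT[f["severity"]])
    score = min(10, sum(WEIGHT[f["severity"]] for f in ordered))   # assumed heuristic: capped sum
    return ordered, checklist, score


def render(findings, checklist, score):
    """Render the markdown report the skill writes into audits/."""
    out = [f"# API security audit (risk score {score}/10)", "", "## Top fixes"]
    out += [f"{i}. {f['title']}" for i, f in enumerate(findings[:5], 1)]
    out += ["", "## Findings"]
    for f in findings:
        out += [f"### {f['title']}", f"- Severity: {f['severity']} ({f['cwe']})",
                f"- Evidence: {', '.join(f['evidence'])}", f"- Why it matters: {f['why']}",
                f"- Remediation: {f['fix']}", ""]
    out += ["## Checklist", "| Item | Status |", "|---|---|"]
    out += [f"| {k} | {v} |" for k, v in checklist.items()]
    return "\n".join(out)


if __name__ == "__main__":
    print(render(*audit(CAPTURES)))
```

Findings are merged by title so a header missing from every response becomes one finding with several evidence lines rather than one per capture, and the checklist distinguishes a Fail the captures prove from an Unable to verify that names the code a reviewer would need to see.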
Install the plugin with:

```bash
npx claudepluginhub jeremymorgan/code-review-skills --plugin code-audit
```