From code-audit
Analyzes business logic for security flaws such as workflow bypasses, race conditions, and abuse cases. Use when reviewing application logic for exploitable behavior.
Slash command: `/code-audit:business-logic-vulnerabilities [path or scope]`
**Target:** $ARGUMENTS
If no target path is given above, review the entire codebase.
Analyze business logic for security flaws:
Check for:

- Race conditions
- Price manipulation
- Workflow bypass
- Time-based vulnerabilities
- Integer overflow/underflow
In the audit report, document a business logic threat model.
A structured finding report with the following for each issue:

- Title, Severity (Critical/High/Medium/Low), CWE (if applicable), Evidence (file, function, line ranges), and a short Why it matters.
- Exploitability notes and, where safe, a minimal PoC or reproduction steps (no real secrets).
- Remediation: precise code-level fix or config change (snippets welcome), plus defense-in-depth guidance.
- A summary risk score (0–10) and top 3–5 prioritized fixes that reduce risk fastest.
- A checklist diff: which items from the “Check for” list are Pass/Fail/Not Applicable.
Be concrete and cite exact code locations and identifiers.
Prefer minimal, drop-in fix snippets over prose.
Do not invent files or functions that aren’t present; if context is missing, mark as Unable to verify and say what code would prove it.
Write this into a markdown file and place it in the audits/ folder.
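As an added illustration of what three items on the skill's Check for list look like in code (this is example code, not part of the code-audit plugin): a constructed checkout flow with price manipulation, a negative-quantity underflow and a workflow bypass, beside the hardened form an audit would propose as a drop-in fix. The catalog, SKUs and prices are constructed values.

```python
"""Constructed checkout flow: vulnerable functions and their hardened counterparts."""
from dataclasses import dataclass
from decimal import Decimal

# Constructed server-side price list; the hardened path only ever trusts this.
CATALOG = {"sku-1": Decimal("19.99")}
MAX_QTY = 100


@dataclass
class Order:
    items: dict          # sku -> quantity
    state: str = "cart"  # intended workflow: cart -> paid -> shipped


def total_vulnerable(order, client_prices):
    # Price manipulation: unit prices are taken from the client request.
    # Integer underflow: a negative quantity subtracts from the total.
    return sum(Decimal(client_prices[sku]) * qty for sku, qty in order.items.items())


def ship_vulnerable(order):
    # Workflow bypass: shipping never checks that payment happened.
    order.state = "shipped"
    return order.state


def total_hardened(order):
    total = Decimal("0")
    for sku, qty in order.items.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku}")
        # Reject non-integers, zero, negatives and implausibly large quantities.
        if not isinstance(qty, int) or qty < 1 or qty > MAX_QTY:
            raise ValueError(f"invalid quantity for {sku}: {qty!r}")
        total += CATALOG[sku] * qty  # price always comes from the server
    return total


def ship_hardened(order):
    # Enforce the state machine: only an order in state "paid" may ship.
    if order.state != "paid":
        raise PermissionError(f"cannot ship order in state {order.state!r}")
    order.state = "shipped"
    return order.state
```

Race conditions and time-based checks from the list are not covered here; they need concurrency or clock control that does not fit a short snippet.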
`npx claudepluginhub jeremymorgan/code-review-skills --plugin code-audit`