From the security plugin
Runs security audits on code, files, directories, staged git changes, or PRs for OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns. Generates structured reports with severity counts, remediation guidance, and positives (things the code does right).
Triggered by: slash command (invoked by the user)
/security:audit
This skill is limited to the following tools:
Summary shown in Claude's skill listing (used to decide when to auto-load this skill):
Run a comprehensive security audit on specified code to identify vulnerabilities.
/security:audit # Audit current directory
/security:audit src/ # Audit specific directory
/security:audit --staged # Audit staged git changes
/security:audit --pr # Audit changes in current PR
/security:audit api.py utils.js # Audit specific files
Delegate to the security-auditor agent with the following prompt:
If no arguments are provided:
"Perform a security audit on the current working directory. Focus on OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns. Generate a structured security audit report."
If the --staged argument is given:
"Perform a security audit on staged git changes (git diff --staged). Focus on OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns in the changed code. Generate a structured security audit report."
If the --pr argument is given:
"Perform a security audit on the current PR changes (git diff main...HEAD). Focus on OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns in the changed code. Generate a structured security audit report."
If files or a directory are specified:
"Perform a security audit on $ARGUMENTS. Focus on OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns. Generate a structured security audit report."
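As an added example (not the plugin's own implementation, which lives in the security-auditor agent), the POSIX shell script below reproduces the argument dispatch above and resolves which files the auditor has to read. It goes beyond the text in two places, both marked in comments: the --pr mode resolves the remote's default branch instead of assuming it is called main (a repo based on master or develop would otherwise be diffed against the wrong branch), and an empty scope exits non-zero so that an audit of nothing is never reported as clean. BASE_BRANCH and RUN_AUDIT_SCOPE are this example's own variables, not part of the skill.

```shell
#!/bin/sh
# Added example, not the plugin's own code: reproduces the /security:audit
# dispatch and resolves what the security-auditor should read.
# Assumptions: run inside a git checkout; BASE_BRANCH is a hypothetical
# override used only when the remote's default branch cannot be discovered.

focus="Focus on OWASP Top 10 vulnerabilities, CWE weaknesses, and security anti-patterns"
report="Generate a structured security audit report."

# build_prompt: map the slash-command arguments to the prompt quoted in the skill.
build_prompt() {
  case "${1:-}" in
    "")       printf '%s\n' "Perform a security audit on the current working directory. $focus. $report" ;;
    --staged) printf '%s\n' "Perform a security audit on staged git changes (git diff --staged). $focus in the changed code. $report" ;;
    --pr)     printf '%s\n' "Perform a security audit on the current PR changes (git diff main...HEAD). $focus in the changed code. $report" ;;
    *)        printf '%s\n' "Perform a security audit on $*. $focus. $report" ;;
  esac
}

# base_branch: the skill hard-codes "main"; prefer the remote's real default
# branch (origin/HEAD) so a repo based on master or develop is diffed correctly.
base_branch() {
  if ref=$(git symbolic-ref -q refs/remotes/origin/HEAD 2>/dev/null); then
    printf '%s\n' "${ref#refs/remotes/}"
  else
    printf '%s\n' "${BASE_BRANCH:-main}"
  fi
}

# scope: print the files the auditor must read, one per line. Returns 2 when
# nothing is in scope so the caller cannot mistake "no input" for "no findings".
scope() {
  case "${1:-}" in
    --staged) files=$(git diff --staged --name-only 2>/dev/null) ;;
    --pr)     files=$(git diff --name-only "$(base_branch)...HEAD" 2>/dev/null) ;;
    "")       files=$(git ls-files 2>/dev/null) ;;
    *)        files=$(printf '%s\n' "$@") ;;
  esac
  [ -n "$files" ] || { echo "security:audit: nothing in scope" >&2; return 2; }
  printf '%s\n' "$files"
}

main() {
  build_prompt "$@"
  echo "--- files in scope ---"
  scope "$@"
}

# usage: RUN_AUDIT_SCOPE=1 sh audit_scope.sh --pr
#        RUN_AUDIT_SCOPE=1 sh audit_scope.sh api.py utils.js
if [ "${RUN_AUDIT_SCOPE:-0}" = 1 ]; then main "$@"; fi
```

The three-dot form git diff base...HEAD already diffs from the merge-base, so commits that landed on the base branch after you branched are excluded; the only thing the skill's literal main...HEAD gets wrong is the branch name, which base_branch fixes.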
The security-auditor agent produces a structured report (per the skill summary: severity counts, remediation guidance, and positives) including:
Install: npx claudepluginhub melodic-software/claude-code-plugins --plugin security

Related skills:
Performs security reviews by starting from a random file, tracing one deep path through imports and data flows, and reporting the single most significant issue or none found.
Performs OWASP-based code security audits on any codebase. Analyzes against ASVS 5.0.0, API Security Top 10 2023, the OWASP Cheat Sheet Series, and WSTG. Outputs a detailed Markdown report.
Performs a formal security audit of an entire codebase, producing a prioritized report (H/M/L) with a remediation plan covering SAST, OWASP Top 10 and LLM Top 10, SCA, Zero Trust, and code quality.