ShaheerKhawaja/productionos-security-audit
codex-skills/productionos-security-audit/SKILL.md
7-domain security hardening audit — OWASP Top 10 2025, MITRE ATT&CK mapping, NIST CSF 2.0 alignment, secret detection, supply chain audit, container security, DevSecOps pipeline. Grounded in 734 cybersecurity skills.
$ install --global
skillsauthnpx skillsauth add ShaheerKhawaja/ProductionOS productionos-security-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 2:11 AM28.1s1 file scanned
SKILL.md
- name:
- productionos-security-audit
- description:
- 7-domain security hardening audit — OWASP Top 10 2025, MITRE ATT&CK mapping, NIST CSF 2.0 alignment, secret detection, supply chain audit, container security, DevSecOps pipeline. Grounded in 734 cybersecurity skills.
- argument-hint:
- [framework, scope, or repo path]
productionos-security-audit
Use this alias when you want the same workflow through a top-level Codex-safe name without the productionos: namespace.
Overview
Use this as the Codex-first security audit workflow. It is detection-first and evidence-first: find concrete security issues, map them to frameworks, and never cross into exploit behavior.
Source references:
.claude/commands/security-audit.mdagents/security-hardener.md
Inputs
framework:owasp,mitre,nist, orallscope:fullorchanged-files- repository path or current checkout
Codex Workflow
- Resolve scope and prior audit context.
- Audit the codebase across the main security domains:
- access control
- crypto and secrets handling
- injection risk
- security misconfiguration
- dependency and supply-chain risk
- auth/session weaknesses
- logging, monitoring, and SSRF-style outbound risk
- Map every real finding to a framework category where possible.
- Classify severity and explain exploitability and impact.
- End with an actionable posture summary, not just a list of grep hits.
Expected Output
- findings with severity, evidence, and framework mapping
- overall security posture summary
- concrete remediations
Guardrails
- never attempt live exploitation
- never expose secret values in output
- every finding must be backed by file and line evidence
Related Skills
ShaheerKhawaja/writing-plans
tools
VerifiedTrustedCommunity
Implementation planning workflow that turns approved ideas into dependency-aware execution plans.
7SKILL.mdUpdated Apr 23, 2026
ShaheerKhawaja/wiki-rag
development
VerifiedTrustedCommunity
Local RAG and Graph RAG over the SecondBrain wiki vault. Progressive context loading (hot cache -> index -> domain -> entity). Graph traversal via wikilink resolution. Use when agents need cross-project context, when answering questions that span multiple domains, or when building context for planning tasks. Triggers on: "wiki context", "cross-project context", "what do we know about", "check the wiki", "graph context", "/wiki-rag".
7SKILL.mdUpdated Apr 23, 2026
ShaheerKhawaja/ux-genie
devops
VerifiedTrustedCommunity
UX improvement pipeline — creates user stories from UI guidelines, maps user journeys, identifies friction, dispatches fix agents. The user-experience equivalent of /production-upgrade.
7SKILL.mdUpdated Apr 23, 2026
ShaheerKhawaja/tdd
development
VerifiedTrustedCommunity
Test-driven development workflow that writes failing tests first, implements minimally, and refactors safely.
7SKILL.mdUpdated Apr 23, 2026