Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

artifex1/scribe

Name: scribe
Author: artifex1

skills/scribe/SKILL.md

npx skillsauth add artifex1/auditor-addon scribe

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Scribe

<style_guide>

Style Guide

Tone: Technical, objective, impersonal (No "I", "we", "you").
Language: Simple, direct, avoiding fancy words.
Punctuation: Avoid em dashes. They signal AI-generated text. Prefer linear sentences with minimal punctuation and use commas or parentheses otherwise.
Code: Never include full code block snippets unless explicitly instructed. Use inline code for principal elements (component names, key functions) to establish context. When describing flows or logic, prefer natural language over flooding the text with code references (e.g., "the function then validates the caller's balance" over "the function then calls _validateCallerBalance").
Lists: Blank line before the first item for proper rendering. No blank lines between items to avoid visual gaps.
Standards: Write standard references with a hyphen (e.g., ERC-20, EIP-1559, not ERC20). </style_guide>

<capability_instructions>

Capabilities

<issue_instructions>

Issue

TRIGGER: User requests a formal audit issue write-up.

Goal: Generate a formal audit issue write-up.

Rules:

Headline: Start with a single Markdown ### Title in Title Case. No further sub-headings in the body.
Efficiency:
- Standard: 2 to 4 paragraphs (Context -> Issue -> Recommendation).
- Trivial/Low: Keep it concise. 2-3 sentences covering the issue and recommendation is acceptable for straightforward issues. Avoid verbosity for simple things.
- High/Critical: Do not miss details.
- Flows: When reasoning through a specific flow is required to understand the issue, use a numbered list to walk through the steps. This applies to attack sequences, failure modes, or any multi-step logic.
Style:
- Natural Language: Follow the Style Guide's Code rule. Describe logic in natural language. Only use inline code when natural language would be awkward or imprecise.
- Severity Consistency: Avoid words that imply a different severity than assigned. Do not call a High issue "critical" or a Medium issue "minor".
- Permalinks: Use Markdown links with the exact commit hash for code references.
  - Run git rev-parse HEAD to get the hash.
  - Format: [Context](https://github.com/.../blob/<commit>/<path>#L<line>).
  - Avoid line number references in prose (e.g., "on line 42"). Use the code element or description as the link text instead.
  - Do not link redundantly.
Recommendation: The recommendation paragraph SHOULD contain the word "Consider".
Formatting: Ensure strict adherence to Markdown lists and headers.

Instructions: Generate the write-up for the provided issue content following these rules exactly. First find the commit hash, then write. </issue_instructions>

<intro_instructions>

Intro

TRIGGER: User requests System Overview and Security Model sections for an audit report.

Goal: Write "System Overview" and "Security Model" sections for an audit report.

Output Structure:

## System Overview
- High-level paragraph explaining the system's purpose.
- Component Subsections (### ComponentName) for separate parts (modules, services, packages).
- Describe role, architecture, and interactions.
- Use bullet points for key functionalities.
- Keep language conceptual; avoid deep jargon/code references.
## Security Model and Trust Assumptions
- Brief intro paragraph summarizing security approach.
- Bulleted List of Critical Trust Assumptions (The most important part!):
  - Actor Honesty: Trust in privileged roles/validators.
  - External Data Integrity: External data sources, third-party services.
  - Secure Runtime: Operational security assumptions.
  - Scope of Responsibility: What the system is not responsible for.
- Integrate Privileged Roles description here or in a subsection.

Instructions: Generate these sections based on the provided system context. </intro_instructions> </capability_instructions>

artifex1/scribe

skills/scribe/SKILL.md

Technical writing for formal security audit reports. Use when the user wants to write up a security finding, create a formal issue report, or draft system overview and security model sections for an audit report.

4 stars

testing

Updated Apr 4, 2026

$ install --global

skillsauth

npx skillsauth add artifex1/auditor-addon scribe

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 7:44 AM2.9s1 file scanned

SKILL.md

name:: scribe
description:: Technical writing for formal security audit reports. Use when the user wants to write up a security finding, create a formal issue report, or draft system overview and security model sections for an audit report.
argument-hint:: <issue details>

Scribe

<style_guide>

Style Guide

Tone: Technical, objective, impersonal (No "I", "we", "you").
Language: Simple, direct, avoiding fancy words.
Punctuation: Avoid em dashes. They signal AI-generated text. Prefer linear sentences with minimal punctuation and use commas or parentheses otherwise.
Code: Never include full code block snippets unless explicitly instructed. Use inline code for principal elements (component names, key functions) to establish context. When describing flows or logic, prefer natural language over flooding the text with code references (e.g., "the function then validates the caller's balance" over "the function then calls _validateCallerBalance").
Lists: Blank line before the first item for proper rendering. No blank lines between items to avoid visual gaps.
Standards: Write standard references with a hyphen (e.g., ERC-20, EIP-1559, not ERC20). </style_guide>

<capability_instructions>

Capabilities

<issue_instructions>

Issue

TRIGGER: User requests a formal audit issue write-up.

Goal: Generate a formal audit issue write-up.

Rules:

Headline: Start with a single Markdown ### Title in Title Case. No further sub-headings in the body.
Efficiency:
- Standard: 2 to 4 paragraphs (Context -> Issue -> Recommendation).
- Trivial/Low: Keep it concise. 2-3 sentences covering the issue and recommendation is acceptable for straightforward issues. Avoid verbosity for simple things.
- High/Critical: Do not miss details.
- Flows: When reasoning through a specific flow is required to understand the issue, use a numbered list to walk through the steps. This applies to attack sequences, failure modes, or any multi-step logic.
Style:
- Natural Language: Follow the Style Guide's Code rule. Describe logic in natural language. Only use inline code when natural language would be awkward or imprecise.
- Severity Consistency: Avoid words that imply a different severity than assigned. Do not call a High issue "critical" or a Medium issue "minor".
- Permalinks: Use Markdown links with the exact commit hash for code references.
  - Run git rev-parse HEAD to get the hash.
  - Format: [Context](https://github.com/.../blob/<commit>/<path>#L<line>).
  - Avoid line number references in prose (e.g., "on line 42"). Use the code element or description as the link text instead.
  - Do not link redundantly.
Recommendation: The recommendation paragraph SHOULD contain the word "Consider".
Formatting: Ensure strict adherence to Markdown lists and headers.

Instructions: Generate the write-up for the provided issue content following these rules exactly. First find the commit hash, then write. </issue_instructions>

<intro_instructions>

Intro

TRIGGER: User requests System Overview and Security Model sections for an audit report.

Goal: Write "System Overview" and "Security Model" sections for an audit report.

Output Structure:

## System Overview
- High-level paragraph explaining the system's purpose.
- Component Subsections (### ComponentName) for separate parts (modules, services, packages).
- Describe role, architecture, and interactions.
- Use bullet points for key functionalities.
- Keep language conceptual; avoid deep jargon/code references.
## Security Model and Trust Assumptions
- Brief intro paragraph summarizing security approach.
- Bulleted List of Critical Trust Assumptions (The most important part!):
  - Actor Honesty: Trust in privileged roles/validators.
  - External Data Integrity: External data sources, third-party services.
  - Secure Runtime: Operational security assumptions.
  - Scope of Responsibility: What the system is not responsible for.
- Integrate Privileged Roles description here or in a subsection.

Instructions: Generate these sections based on the provided system context. </intro_instructions> </capability_instructions>

Related Skills

artifex1/threat-modeling

development

VerifiedTrustedCommunity

Analyzing codebases to systematically identify and categorize potential security threats, producing a threat model report before code-level auditing. Use when starting an engagement and wanting to map the attack surface, identify high-value assets, and enumerate threat agents before diving into code-level analysis.

4SKILL.mdUpdated Apr 4, 2026

artifex1/threat-modeling

artifex1/security-auditor

development

VerifiedTrustedCommunity

Conducting interactive security audits using the Map & Probe methodology. Use when the user wants to perform a security review of source code, find vulnerabilities, audit a codebase, or analyze code for security issues.

4SKILL.mdUpdated Apr 4, 2026

artifex1/security-auditor

artifex1/sast-pipeline

development

VerifiedTrustedCommunity

Running the SAiST (Static AI-assisted Security Testing) pipeline against a codebase. Use when the user wants to run static analysis rules, detect code smells, find vulnerability patterns, or scan code with the built-in rule engine. Covers the full init → resolve gaps → run rules flow.

4SKILL.mdUpdated Apr 4, 2026

artifex1/sast-pipeline

artifex1/rule-authoring

development

VerifiedTrustedCommunity

Writing SAiST static analysis rules — both shipped rules in the auditor-addon repo and custom per-engagement rules in audit workspaces. Use when the user wants to create a new detection rule, add a security check, implement a code smell detector, turn a confirmed finding into a reusable rule, or extend the rule set. Covers rule types (shallow, deep, MapRule), the trait system, language scoping, finding kinds, custom rules, and testing patterns.

4SKILL.mdUpdated Apr 4, 2026

artifex1/rule-authoring

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/artifex1/auditor-addon.git

# Copy into Claude Code skills folder (global)
cp -r auditor-addon/skills/scribe ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

artifex1/auditor-addon

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT