Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

davila7/security-audit

Name: security-audit
Author: davila7

cli-tool/components/skills/security/security-audit/SKILL.md

npx skillsauth add davila7/claude-code-templates security-audit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Auditing Workflow Bundle

Overview

Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.

When to Use This Workflow

Use this workflow when:

Performing security audits on web applications
Testing API security
Conducting penetration tests
Scanning for vulnerabilities
Hardening application security
Compliance security assessments

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

scanning-tools - Security scanning
shodan-reconnaissance - Shodan searches
top-web-vulnerabilities - OWASP Top 10

Actions

Identify target scope
Gather intelligence
Map attack surface
Identify technologies
Document findings

Copy-Paste Prompts

Use @scanning-tools to perform initial reconnaissance

Use @shodan-reconnaissance to find exposed services

Phase 2: Vulnerability Scanning

Skills to Invoke

vulnerability-scanner - Vulnerability analysis
security-scanning-security-sast - Static analysis
security-scanning-security-dependencies - Dependency scanning

Actions

Run automated scanners
Perform static analysis
Scan dependencies
Identify misconfigurations
Document vulnerabilities

Copy-Paste Prompts

Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities

Use @security-scanning-security-dependencies to audit dependencies

Phase 3: Web Application Testing

Skills to Invoke

top-web-vulnerabilities - OWASP vulnerabilities
sql-injection-testing - SQL injection
xss-html-injection - XSS testing
broken-authentication - Authentication testing
idor-testing - IDOR testing
file-path-traversal - Path traversal
burp-suite-testing - Burp Suite testing

Actions

Test for injection flaws
Test authentication mechanisms
Test session management
Test access controls
Test input validation
Test security headers

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection vulnerabilities

Use @xss-html-injection to test for cross-site scripting

Use @broken-authentication to test authentication security

Phase 4: API Security Testing

Skills to Invoke

api-fuzzing-bug-bounty - API fuzzing
api-security-best-practices - API security

Actions

Enumerate API endpoints
Test authentication/authorization
Test rate limiting
Test input validation
Test error handling
Document API vulnerabilities

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API endpoints

Phase 5: Penetration Testing

Skills to Invoke

pentest-commands - Penetration testing commands
pentest-checklist - Pentest planning
ethical-hacking-methodology - Ethical hacking
metasploit-framework - Metasploit

Actions

Plan penetration test
Execute attack scenarios
Exploit vulnerabilities
Document proof of concept
Assess impact

Copy-Paste Prompts

Use @pentest-checklist to plan penetration test

Use @pentest-commands to execute penetration testing

Phase 6: Security Hardening

Skills to Invoke

security-scanning-security-hardening - Security hardening
auth-implementation-patterns - Authentication
api-security-best-practices - API security

Actions

Implement security controls
Configure security headers
Set up authentication
Implement authorization
Configure logging
Apply patches

Copy-Paste Prompts

Use @security-scanning-security-hardening to harden application security

Phase 7: Reporting

Skills to Invoke

reporting-standards - Security reporting

Actions

Document findings
Assess risk levels
Provide remediation steps
Create executive summary
Generate technical report

Security Testing Checklist

OWASP Top 10

[ ] Injection (SQL, NoSQL, OS, LDAP)
[ ] Broken Authentication
[ ] Sensitive Data Exposure
[ ] XML External Entities (XXE)
[ ] Broken Access Control
[ ] Security Misconfiguration
[ ] Cross-Site Scripting (XSS)
[ ] Insecure Deserialization
[ ] Using Components with Known Vulnerabilities
[ ] Insufficient Logging & Monitoring

API Security

[ ] Authentication mechanisms
[ ] Authorization checks
[ ] Rate limiting
[ ] Input validation
[ ] Error handling
[ ] Security headers

Quality Gates

[ ] All planned tests executed
[ ] Vulnerabilities documented
[ ] Proof of concepts captured
[ ] Risk assessments completed
[ ] Remediation steps provided
[ ] Report generated

Related Workflow Bundles

development - Secure development practices
wordpress - WordPress security
cloud-devops - Cloud security
testing-qa - Security testing

davila7/security-audit

cli-tool/components/skills/security/security-audit/SKILL.md

Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.

24,615 stars

development

Updated Apr 15, 2026

$ install --global

skillsauth

npx skillsauth add davila7/claude-code-templates security-audit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 25, 2026, 9:31 PM2.2s1 file scanned

SKILL.md

name:: security-audit
description:: Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
category:: workflow-bundle
risk:: safe
source:: personal
date_added:: 2026-02-27

Security Auditing Workflow Bundle

Overview

When to Use This Workflow

Use this workflow when:

Performing security audits on web applications
Testing API security
Conducting penetration tests
Scanning for vulnerabilities
Hardening application security
Compliance security assessments

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

scanning-tools - Security scanning
shodan-reconnaissance - Shodan searches
top-web-vulnerabilities - OWASP Top 10

Actions

Identify target scope
Gather intelligence
Map attack surface
Identify technologies
Document findings

Copy-Paste Prompts

Use @scanning-tools to perform initial reconnaissance

Use @shodan-reconnaissance to find exposed services

Phase 2: Vulnerability Scanning

Skills to Invoke

vulnerability-scanner - Vulnerability analysis
security-scanning-security-sast - Static analysis
security-scanning-security-dependencies - Dependency scanning

Actions

Run automated scanners
Perform static analysis
Scan dependencies
Identify misconfigurations
Document vulnerabilities

Copy-Paste Prompts

Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities

Use @security-scanning-security-dependencies to audit dependencies

Phase 3: Web Application Testing

Skills to Invoke

top-web-vulnerabilities - OWASP vulnerabilities
sql-injection-testing - SQL injection
xss-html-injection - XSS testing
broken-authentication - Authentication testing
idor-testing - IDOR testing
file-path-traversal - Path traversal
burp-suite-testing - Burp Suite testing

Actions

Test for injection flaws
Test authentication mechanisms
Test session management
Test access controls
Test input validation
Test security headers

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection vulnerabilities

Use @xss-html-injection to test for cross-site scripting

Use @broken-authentication to test authentication security

Phase 4: API Security Testing

Skills to Invoke

api-fuzzing-bug-bounty - API fuzzing
api-security-best-practices - API security

Actions

Enumerate API endpoints
Test authentication/authorization
Test rate limiting
Test input validation
Test error handling
Document API vulnerabilities

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API endpoints

Phase 5: Penetration Testing

Skills to Invoke

pentest-commands - Penetration testing commands
pentest-checklist - Pentest planning
ethical-hacking-methodology - Ethical hacking
metasploit-framework - Metasploit

Actions

Plan penetration test
Execute attack scenarios
Exploit vulnerabilities
Document proof of concept
Assess impact

Copy-Paste Prompts

Use @pentest-checklist to plan penetration test

Use @pentest-commands to execute penetration testing

Phase 6: Security Hardening

Skills to Invoke

security-scanning-security-hardening - Security hardening
auth-implementation-patterns - Authentication
api-security-best-practices - API security

Actions

Implement security controls
Configure security headers
Set up authentication
Implement authorization
Configure logging
Apply patches

Copy-Paste Prompts

Use @security-scanning-security-hardening to harden application security

Phase 7: Reporting

Skills to Invoke

reporting-standards - Security reporting

Actions

Document findings
Assess risk levels
Provide remediation steps
Create executive summary
Generate technical report

Security Testing Checklist

OWASP Top 10

[ ] Injection (SQL, NoSQL, OS, LDAP)
[ ] Broken Authentication
[ ] Sensitive Data Exposure
[ ] XML External Entities (XXE)
[ ] Broken Access Control
[ ] Security Misconfiguration
[ ] Cross-Site Scripting (XSS)
[ ] Insecure Deserialization
[ ] Using Components with Known Vulnerabilities
[ ] Insufficient Logging & Monitoring

API Security

[ ] Authentication mechanisms
[ ] Authorization checks
[ ] Rate limiting
[ ] Input validation
[ ] Error handling
[ ] Security headers

Quality Gates

[ ] All planned tests executed
[ ] Vulnerabilities documented
[ ] Proof of concepts captured
[ ] Risk assessments completed
[ ] Remediation steps provided
[ ] Report generated

Related Workflow Bundles

development - Secure development practices
wordpress - WordPress security
cloud-devops - Cloud security
testing-qa - Security testing

Related Skills

davila7/zapier-make-patterns

tools

VerifiedTrustedCommunity

No-code automation democratizes workflow building. Zapier and Make (formerly Integromat) let non-developers automate business processes without writing code. But no-code doesn't mean no-complexity - these platforms have their own patterns, pitfalls, and breaking points. This skill covers when to use which platform, how to build reliable automations, and when to graduate to code-based solutions. Key insight: Zapier optimizes for simplicity and integrations (7000+ apps), Make optimizes for power

24,615SKILL.mdUpdated Apr 15, 2026

davila7/zapier-make-patterns

davila7/yeet

tools

VerifiedTrustedCommunity

Use only when the user explicitly asks to stage, commit, push, and open a GitHub pull request in one flow using the GitHub CLI (`gh`).

24,615SKILL.mdUpdated Apr 15, 2026

davila7/workflow-automation

tools

VerifiedTrustedCommunity

Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost money and angry customers. With it, workflows resume exactly where they left off. This skill covers the platforms (n8n, Temporal, Inngest) and patterns (sequential, parallel, orchestrator-worker) that turn brittle scripts into production-grade automation. Key insight: The platforms make different tradeoffs. n8n optimizes for accessibility

24,615SKILL.mdUpdated Apr 15, 2026

davila7/workflow-automation

davila7/trigger-dev

development

VerifiedTrustedCommunity

Trigger.dev expert for background jobs, AI workflows, and reliable async execution with excellent developer experience and TypeScript-first design. Use when: trigger.dev, trigger dev, background task, ai background job, long running task.

24,615SKILL.mdUpdated Apr 15, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/davila7/claude-code-templates.git

# Copy into Claude Code skills folder (global)
cp -r claude-code-templates/cli-tool/components/skills/security/security-audit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

davila7/claude-code-templates

24,615 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT