eliferjunior/security-audit
.claude/skills/security-audit/SKILL.md
Scans code for security vulnerabilities - OWASP Top 10, secrets, dependencies
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add eliferjunior/Claude security-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 1:34 AM15.5s1 file scanned
SKILL.md
- name:
- security-audit
- description:
- Scans code for security vulnerabilities - OWASP Top 10, secrets, dependencies
When auditing security ($ARGUMENTS):
-
Scan for OWASP Top 10:
- Injection (SQL, NoSQL, command, LDAP)
- Broken authentication
- Sensitive data exposure
- XXE, XSS, CSRF
- Insecure deserialization
- Security misconfiguration
-
Check for secrets:
- Hardcoded API keys, tokens, passwords
- .env files committed to git
- Credentials in logs or error messages
-
Dependency audit:
- Run
npm auditor equivalent - Check for known CVEs
- Identify outdated packages
- Run
-
Code patterns:
- Input validation and sanitization
- Proper use of crypto/hashing
- Secure HTTP headers
- CORS configuration
- Rate limiting
-
Report findings with severity levels:
- CRITICAL: Immediate exploitation risk
- HIGH: Significant vulnerability
- MEDIUM: Potential risk under certain conditions
- LOW: Best practice improvement
Related Skills
eliferjunior/fireworks-ai
development
VerifiedTrustedCommunity
Expert guidance for Fireworks AI, the platform for running open-source LLMs (Llama, Mixtral, Qwen, etc.) with enterprise-grade speed and reliability. Helps developers integrate Fireworks' inference API, fine-tune models, and deploy custom model endpoints with function calling and structured output support.
SKILL.mdUpdated Apr 17, 2026
eliferjunior/firecrawl
development
VerifiedTrustedCommunity
Convert any website into clean, structured data with Firecrawl — API-first web scraping service. Use when someone asks to "turn a website into markdown", "scrape website for LLM", "Firecrawl", "extract website content as clean text", "crawl and convert to structured data", or "scrape website for RAG". Covers single-page scraping, full-site crawling, structured extraction, and LLM-ready output.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/firebase
tools
VerifiedTrustedCommunity
Expert guidance for Firebase, Google's platform for building and scaling web and mobile applications. Helps developers set up authentication, Firestore/Realtime Database, Cloud Functions, hosting, storage, and analytics using Firebase's SDK and CLI.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/file-upload-processor
development
VerifiedTrustedCommunity
When the user needs to build file upload functionality for a web application. Use when the user mentions "file upload," "image upload," "upload endpoint," "multipart upload," "presigned URL," "S3 upload," "file validation," "upload to cloud storage," or "accept user files." Handles upload endpoints, file validation (type, size, magic bytes), cloud storage integration, and upload status tracking. For image/video processing after upload, see media-transcoder.
SKILL.mdUpdated Apr 16, 2026