kendreaditya/security-audit
claude/skills/security-audit/SKILL.md
Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.
tools
Updated Jun 12, 2026
$ install --global
skillsauthnpx skillsauth add kendreaditya/.config security-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 12, 2026, 7:47 AM48.7s3 files scanned
SKILL.md
- name:
- security-audit
- description:
- >
- Use when:
- authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration.
- Skip when:
- read-only operations on public data, internal development tooling, static documentation, styling changes.
Security Audit Skill
Purpose
Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.
When to Trigger
- authentication implementation
- authorization logic
- payment processing
- user data handling
- API endpoint creation
- file upload handling
- database queries
- external API integration
When to Skip
- read-only operations on public data
- internal development tooling
- static documentation
- styling changes
Commands
Full Security Scan
Run comprehensive security analysis on the codebase
npx @claude-flow/cli security scan --depth full
Example:
npx @claude-flow/cli security scan --depth full --output security-report.json
Input Validation Check
Check for input validation issues
npx @claude-flow/cli security scan --check input-validation
Example:
npx @claude-flow/cli security scan --check input-validation --path ./src/api
Path Traversal Check
Check for path traversal vulnerabilities
npx @claude-flow/cli security scan --check path-traversal
SQL Injection Check
Check for SQL injection vulnerabilities
npx @claude-flow/cli security scan --check sql-injection
XSS Check
Check for cross-site scripting vulnerabilities
npx @claude-flow/cli security scan --check xss
CVE Scan
Scan dependencies for known CVEs
npx @claude-flow/cli security cve --scan
Example:
npx @claude-flow/cli security cve --scan --severity high
Security Audit Report
Generate full security audit report
npx @claude-flow/cli security audit --report
Example:
npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md
Threat Modeling
Run threat modeling analysis
npx @claude-flow/cli security threats --analyze
Validate Secrets
Check for hardcoded secrets
npx @claude-flow/cli security validate --check secrets
Scripts
| Script | Path | Description |
|--------|------|-------------|
| security-scan | .agents/scripts/security-scan.sh | Run full security scan pipeline |
| cve-remediate | .agents/scripts/cve-remediate.sh | Auto-remediate known CVEs |
References
| Document | Path | Description |
|----------|------|-------------|
| Security Checklist | docs/security-checklist.md | Security review checklist |
| OWASP Guide | docs/owasp-top10.md | OWASP Top 10 mitigation guide |
Best Practices
- Check memory for existing patterns before starting
- Use hierarchical topology for coordination
- Store successful patterns after completion
- Document any new learnings
Related Skills
kendreaditya/test-coverage-advisor
testing
VerifiedTrustedCommunity
Reviews test coverage and suggests missing test cases for error paths, edge cases, and business logic. Activates when users write tests or implement new features.
SKILL.mdUpdated Jun 12, 2026
kendreaditya/tech-debt
development
VerifiedTrustedCommunity
Identify, categorize, and prioritize technical debt. Trigger with "tech debt", "technical debt audit", "what should we refactor", "code health", or when the user asks about code quality, refactoring priorities, or maintenance backlog.
SKILL.mdUpdated Jun 12, 2026
kendreaditya/performance-optimization
development
VerifiedTrustedCommunity
Optimizes application performance. Use when performance requirements exist, when you suspect performance regressions, or when Core Web Vitals or load times need improvement. Use when profiling reveals bottlenecks that need fixing.
SKILL.mdUpdated Jun 12, 2026
kendreaditya/legacy-modernization
development
VerifiedTrustedCommunity
Modernize legacy systems without rewriting from scratch. Use strangler fig, facade, and strategic refactoring.
SKILL.mdUpdated Jun 12, 2026