Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

mtsbatalha/security-audit

Name: security-audit
Author: mtsbatalha

skills/security-audit/SKILL.md

npx skillsauth add mtsbatalha/antigravity-skills security-audit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security Auditing Workflow Bundle

Overview

Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.

When to Use This Workflow

Use this workflow when:

Performing security audits on web applications
Testing API security
Conducting penetration tests
Scanning for vulnerabilities
Hardening application security
Compliance security assessments

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

scanning-tools - Security scanning
shodan-reconnaissance - Shodan searches
top-web-vulnerabilities - OWASP Top 10

Actions

Identify target scope
Gather intelligence
Map attack surface
Identify technologies
Document findings

Copy-Paste Prompts

Use @scanning-tools to perform initial reconnaissance

Use @shodan-reconnaissance to find exposed services

Phase 2: Vulnerability Scanning

Skills to Invoke

vulnerability-scanner - Vulnerability analysis
security-scanning-security-sast - Static analysis
security-scanning-security-dependencies - Dependency scanning

Actions

Run automated scanners
Perform static analysis
Scan dependencies
Identify misconfigurations
Document vulnerabilities

Copy-Paste Prompts

Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities

Use @security-scanning-security-dependencies to audit dependencies

Phase 3: Web Application Testing

Skills to Invoke

top-web-vulnerabilities - OWASP vulnerabilities
sql-injection-testing - SQL injection
xss-html-injection - XSS testing
broken-authentication - Authentication testing
idor-testing - IDOR testing
file-path-traversal - Path traversal
burp-suite-testing - Burp Suite testing

Actions

Test for injection flaws
Test authentication mechanisms
Test session management
Test access controls
Test input validation
Test security headers

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection vulnerabilities

Use @xss-html-injection to test for cross-site scripting

Use @broken-authentication to test authentication security

Phase 4: API Security Testing

Skills to Invoke

api-fuzzing-bug-bounty - API fuzzing
api-security-best-practices - API security

Actions

Enumerate API endpoints
Test authentication/authorization
Test rate limiting
Test input validation
Test error handling
Document API vulnerabilities

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API endpoints

Phase 5: Penetration Testing

Skills to Invoke

pentest-commands - Penetration testing commands
pentest-checklist - Pentest planning
ethical-hacking-methodology - Ethical hacking
metasploit-framework - Metasploit

Actions

Plan penetration test
Execute attack scenarios
Exploit vulnerabilities
Document proof of concept
Assess impact

Copy-Paste Prompts

Use @pentest-checklist to plan penetration test

Use @pentest-commands to execute penetration testing

Phase 6: Security Hardening

Skills to Invoke

security-scanning-security-hardening - Security hardening
auth-implementation-patterns - Authentication
api-security-best-practices - API security

Actions

Implement security controls
Configure security headers
Set up authentication
Implement authorization
Configure logging
Apply patches

Copy-Paste Prompts

Use @security-scanning-security-hardening to harden application security

Phase 7: Reporting

Skills to Invoke

reporting-standards - Security reporting

Actions

Document findings
Assess risk levels
Provide remediation steps
Create executive summary
Generate technical report

Security Testing Checklist

OWASP Top 10

[ ] Injection (SQL, NoSQL, OS, LDAP)
[ ] Broken Authentication
[ ] Sensitive Data Exposure
[ ] XML External Entities (XXE)
[ ] Broken Access Control
[ ] Security Misconfiguration
[ ] Cross-Site Scripting (XSS)
[ ] Insecure Deserialization
[ ] Using Components with Known Vulnerabilities
[ ] Insufficient Logging & Monitoring

API Security

[ ] Authentication mechanisms
[ ] Authorization checks
[ ] Rate limiting
[ ] Input validation
[ ] Error handling
[ ] Security headers

Quality Gates

[ ] All planned tests executed
[ ] Vulnerabilities documented
[ ] Proof of concepts captured
[ ] Risk assessments completed
[ ] Remediation steps provided
[ ] Report generated

Related Workflow Bundles

development - Secure development practices
wordpress - WordPress security
cloud-devops - Cloud security
testing-qa - Security testing

mtsbatalha/security-audit

skills/security-audit/SKILL.md

Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.

development

Updated May 3, 2026

$ install --global

skillsauth

npx skillsauth add mtsbatalha/antigravity-skills security-audit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 3, 2026, 7:18 AM1.4s1 file scanned

SKILL.md

name:: security-audit
description:: Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
category:: workflow-bundle
risk:: safe
source:: personal
date_added:: 2026-02-27

Security Auditing Workflow Bundle

Overview

When to Use This Workflow

Use this workflow when:

Performing security audits on web applications
Testing API security
Conducting penetration tests
Scanning for vulnerabilities
Hardening application security
Compliance security assessments

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

scanning-tools - Security scanning
shodan-reconnaissance - Shodan searches
top-web-vulnerabilities - OWASP Top 10

Actions

Identify target scope
Gather intelligence
Map attack surface
Identify technologies
Document findings

Copy-Paste Prompts

Use @scanning-tools to perform initial reconnaissance

Use @shodan-reconnaissance to find exposed services

Phase 2: Vulnerability Scanning

Skills to Invoke

vulnerability-scanner - Vulnerability analysis
security-scanning-security-sast - Static analysis
security-scanning-security-dependencies - Dependency scanning

Actions

Run automated scanners
Perform static analysis
Scan dependencies
Identify misconfigurations
Document vulnerabilities

Copy-Paste Prompts

Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities

Use @security-scanning-security-dependencies to audit dependencies

Phase 3: Web Application Testing

Skills to Invoke

top-web-vulnerabilities - OWASP vulnerabilities
sql-injection-testing - SQL injection
xss-html-injection - XSS testing
broken-authentication - Authentication testing
idor-testing - IDOR testing
file-path-traversal - Path traversal
burp-suite-testing - Burp Suite testing

Actions

Test for injection flaws
Test authentication mechanisms
Test session management
Test access controls
Test input validation
Test security headers

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection vulnerabilities

Use @xss-html-injection to test for cross-site scripting

Use @broken-authentication to test authentication security

Phase 4: API Security Testing

Skills to Invoke

api-fuzzing-bug-bounty - API fuzzing
api-security-best-practices - API security

Actions

Enumerate API endpoints
Test authentication/authorization
Test rate limiting
Test input validation
Test error handling
Document API vulnerabilities

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API endpoints

Phase 5: Penetration Testing

Skills to Invoke

pentest-commands - Penetration testing commands
pentest-checklist - Pentest planning
ethical-hacking-methodology - Ethical hacking
metasploit-framework - Metasploit

Actions

Plan penetration test
Execute attack scenarios
Exploit vulnerabilities
Document proof of concept
Assess impact

Copy-Paste Prompts

Use @pentest-checklist to plan penetration test

Use @pentest-commands to execute penetration testing

Phase 6: Security Hardening

Skills to Invoke

security-scanning-security-hardening - Security hardening
auth-implementation-patterns - Authentication
api-security-best-practices - API security

Actions

Implement security controls
Configure security headers
Set up authentication
Implement authorization
Configure logging
Apply patches

Copy-Paste Prompts

Use @security-scanning-security-hardening to harden application security

Phase 7: Reporting

Skills to Invoke

reporting-standards - Security reporting

Actions

Document findings
Assess risk levels
Provide remediation steps
Create executive summary
Generate technical report

Security Testing Checklist

OWASP Top 10

[ ] Injection (SQL, NoSQL, OS, LDAP)
[ ] Broken Authentication
[ ] Sensitive Data Exposure
[ ] XML External Entities (XXE)
[ ] Broken Access Control
[ ] Security Misconfiguration
[ ] Cross-Site Scripting (XSS)
[ ] Insecure Deserialization
[ ] Using Components with Known Vulnerabilities
[ ] Insufficient Logging & Monitoring

API Security

[ ] Authentication mechanisms
[ ] Authorization checks
[ ] Rate limiting
[ ] Input validation
[ ] Error handling
[ ] Security headers

Quality Gates

[ ] All planned tests executed
[ ] Vulnerabilities documented
[ ] Proof of concepts captured
[ ] Risk assessments completed
[ ] Remediation steps provided
[ ] Report generated

Related Workflow Bundles

development - Secure development practices
wordpress - WordPress security
cloud-devops - Cloud security
testing-qa - Security testing

Related Skills

mtsbatalha/zustand-store-ts

development

VerifiedTrustedCommunity

Create Zustand stores with TypeScript, subscribeWithSelector middleware, and proper state/action separation. Use when building React state management, creating global stores, or implementing reacti...

SKILL.mdUpdated May 11, 2026

mtsbatalha/zustand-store-ts

mtsbatalha/zoom-automation

tools

VerifiedTrustedCommunity

Automate Zoom meeting creation, management, recordings, webinars, and participant tracking via Rube MCP (Composio). Always search tools first for current schemas.

SKILL.mdUpdated May 11, 2026

mtsbatalha/zoom-automation

mtsbatalha/zoho-crm-automation

tools

VerifiedTrustedCommunity

Automate Zoho CRM tasks via Rube MCP (Composio): create/update records, search contacts, manage leads, and convert leads. Always search tools first for current schemas.

SKILL.mdUpdated May 11, 2026

mtsbatalha/zoho-crm-automation

mtsbatalha/zendesk-automation

tools

VerifiedTrustedCommunity

Automate Zendesk tasks via Rube MCP (Composio): tickets, users, organizations, replies. Always search tools first for current schemas.

SKILL.mdUpdated May 11, 2026

mtsbatalha/zendesk-automation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/mtsbatalha/antigravity-skills.git

# Copy into Claude Code skills folder (global)
cp -r antigravity-skills/skills/security-audit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

mtsbatalha/antigravity-skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT