nickcrew/workflow-security-audit
skills/workflow-security-audit/SKILL.md
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
$ install --global
skillsauthnpx skillsauth add nickcrew/claude-ctx-plugin workflow-security-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 12:07 PM7.8s1 file scanned
SKILL.md
- name:
- workflow-security-audit
- description:
- Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
Security Audit Workflow
Comprehensive security assessment process.
Phase 1: Threat Assessment
Agents: security-auditor
Scope:
- Authentication & authorization
- Data protection
- API security
- Dependency vulnerabilities
- Infrastructure security
Output: Threat model, risk assessment, priority list
Phase 2: Automated Scanning
Agents: security-auditor
Tools to run:
- Dependency check (npm audit, pip-audit, cargo audit)
- Static analysis (semgrep, bandit, etc.)
- Secret scanning (trufflehog, gitleaks)
Output: Vulnerability report with severity ratings
Phase 3: Manual Code Review
Agents: security-auditor
Focus areas:
- Input validation
- Output encoding
- Authentication logic
- Authorization checks
- Cryptography usage
- Session management
Phase 4: Penetration Testing
Agents: security-auditor
Test for:
- SQL injection
- XSS attacks
- CSRF attacks
- Authentication bypass
- Privilege escalation
Phase 5: Remediation Planning
Agents: requirements-analyst
- Create fix tasks from vulnerability report
- Prioritize by severity
- Estimate timeline
- Allocate resources
Phase 6: Fix Implementation
Blocking: Validation required before proceeding
Phase 7: Security Validation
Agents: security-auditor
- Retest all identified vulnerabilities
- Regression checks
- Verify fixes don't introduce new issues
Phase 8: Documentation
Agents: technical-writer
- Security audit report
- Compliance documentation
- Security best practices guide
Phase 9: Compliance Check
Agents: security-auditor
Standards:
- OWASP Top 10
- GDPR (if applicable)
- SOC2 (if applicable)
- HIPAA (if applicable)
Success Criteria
- [ ] All critical vulnerabilities fixed
- [ ] All high vulnerabilities fixed
- [ ] Compliance requirements met
- [ ] Security tests pass
Severity Levels
| Level | Response Time | Examples | |-------|---------------|----------| | Critical | Immediate | RCE, auth bypass, data breach | | High | 24-48h | SQL injection, privilege escalation | | Medium | 1 week | XSS, CSRF, information disclosure | | Low | Next sprint | Best practice violations |
Related Skills
nickcrew/writing-skills
testing
VerifiedTrustedCommunity
Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization
15SKILL.mdUpdated Apr 15, 2026
nickcrew/workflow-performance
research
VerifiedTrustedCommunity
Systematic performance analysis and optimization. Use when things are slow, need optimization, or preparing for scale.
15SKILL.mdUpdated Apr 15, 2026
nickcrew/workflow-feature
development
VerifiedTrustedCommunity
Complete feature development workflow from design to deployment. Use when implementing new features or functionality.
15SKILL.mdUpdated Apr 15, 2026
nickcrew/workflow-feature-development
development
VerifiedTrustedCommunity
Complete workflow for developing new features from design to deployment. Use when starting a new feature, adding functionality, or building something new.
15SKILL.mdUpdated Apr 15, 2026