security-audit

from cpa03

Procedure for analyzing code or dependencies for vulnerabilities

0 stars, 0 forks. Updated Jan 9, 2026

When & Why to Use This Skill

This Claude skill provides a comprehensive procedure for conducting security audits on codebases and dependencies. It automates the identification of critical vulnerabilities such as hardcoded secrets, SQL injection, and Cross-Site Scripting (XSS), while also managing third-party dependency risks through automated auditing tools. By integrating these checks into the development workflow, it helps maintain a high security standard and prevents data breaches.

Use Cases

  • Vulnerability Scanning: Automatically running 'npm audit' to detect and report known security flaws in project dependencies.
  • Secret Leak Prevention: Using pattern matching to scan files for hardcoded API keys, credentials, or sensitive tokens before code is committed.
  • Secure Code Review: Systematically reviewing authentication and authorization logic in pull requests to ensure robust access control.
  • Injection Risk Mitigation: Analyzing input handling across the application to identify and fix potential SQL injection and XSS vulnerabilities.
  • Security Documentation: Generating structured 'findings.md' reports to track identified risks and document remediation steps for compliance.
name: security-audit
description: Procedure for analyzing code or dependencies for vulnerabilities

Procedure

  1. Run npm audit.
  2. Scan for hardcoded secrets using grep.
  3. Review authentication/authorization logic in changed files.
  4. Check for injection risks (SQLi, XSS) in inputs.
  5. Report findings to docs/findings.md or fix if critical.
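The procedure above carried out in POSIX shell, as an added example that is not the skill's own code: step 1 is wrapped so it is skipped when npm is absent, step 2 is a grep scan for a few common secret formats, and step 5 appends the hits to a findings report. The secret patterns, the function names and the sample tree built by make_sample are assumptions for illustration, not a complete secret inventory.

```shell
#!/bin/sh
# Added example (not the skill's own code): steps 1, 2 and 5 of the procedure.
# The patterns are illustrative assumptions, not a complete secret inventory.
# Case-sensitive high-confidence formats: AWS access key IDs and PEM private keys.
KEY_PATTERN='AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----'
# Case-insensitive credential assignments with a quoted literal of 8+ characters.
CRED_PATTERN="(api[_-]?key|secret|password|token)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}"

# Step 1: run npm audit when a package.json and npm exist, otherwise say why it was skipped.
audit_dependencies() {
  if [ -f "$1/package.json" ] && command -v npm >/dev/null 2>&1; then
    (cd "$1" && npm audit --audit-level=high) || echo "npm audit: high/critical advisories present" >&2
  else
    echo "npm audit skipped: no package.json or npm not installed" >&2
  fi
}

# Step 2: print file:line:text for every suspicious line, skipping binaries,
# node_modules and .git; grep's "no match" status (1) is not an error here.
scan_secrets() {
  {
    grep -rnIE --exclude-dir=node_modules --exclude-dir=.git "$KEY_PATTERN" "$1" || true
    grep -rnIEi --exclude-dir=node_modules --exclude-dir=.git "$CRED_PATTERN" "$1" || true
  } | sort -u
}

# Step 5: append the scan result to a findings report and print the hit count.
write_findings() {
  hits=$(scan_secrets "$1")
  count=$(printf '%s\n' "$hits" | grep -c . || true)
  {
    echo "## Hardcoded secret scan"
    if [ "$count" -eq 0 ]; then
      echo "No hardcoded secrets found."
    else
      echo "Found $count suspicious line(s); rotate the credential and load it from the environment:"
      printf '%s\n' "$hits" | sed 's/^/- /'
    fi
  } >> "$2"
  echo "$count"
}

# Constructed sample tree (the AKIA value is AWS's documented placeholder key).
make_sample() {
  mkdir -p "$1/node_modules/dep"
  printf 'const db = require("pg");\nconst AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\nconst password = "hunter2-not-real";\nconst port = 5432;\n' > "$1/app.js"
  printf 'token = "ignored-inside-node_modules"\n' > "$1/node_modules/dep/index.js"
}
```

Running `make_sample /tmp/audit-demo; audit_dependencies /tmp/audit-demo; write_findings /tmp/audit-demo /tmp/audit-demo/findings.md` prints 2 and writes the two app.js hits to the report, while the line under node_modules is ignored.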