security-audit_skill

This skill performs a thorough security audit of codebases, identifying OWASP Top 10 issues and actionable remediation guidance.

26

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill charlesjones-dev/claude-code-plugins-dev --skill security-audit

  • SKILL.md26.7 KB

Overview

This skill performs a comprehensive security audit to identify vulnerabilities, OWASP Top 10 issues, and common security anti-patterns across your codebase. It guides developers with prioritized findings, concrete remediation examples, and a clear remediation roadmap to reduce risk and improve defensive controls.

How this skill works

The skill first verifies project security configuration and denial rules to avoid exposing sensitive files, then runs an automated, agent-driven security auditor that analyzes code, dependencies, architecture, and configurations. It produces a prioritized report with exact findings, file paths, line references, before/after remediation snippets, and an actionable roadmap for fixes.

When to use it

  • Before release or major deployments to catch regressions and high-risk issues
  • When adding or modifying authentication, authorization, or session code
  • During code review cycles for features that handle sensitive data or payments
  • After dependency updates or CI/CD pipeline changes to detect supply-chain risks
  • When investigating reported vulnerabilities or suspicious behavior in production

Best practices

  • Run the audit early in the development lifecycle and after major merges
  • Ensure project denial patterns and sensitive-file protections are configured before scanning
  • Prioritize fixes by severity (Critical → High → Medium → Low) and address exploitable issues first
  • Provide concrete before/after code examples and unit/integration tests for each remediation
  • Combine automated scans with manual review for business logic and complex auth flows

Example use cases

  • Detect SQL/NoSQL injection sources and convert vulnerable queries to parameterized statements
  • Find missing authorization checks that lead to IDOR or privilege escalation
  • Identify hardcoded secrets, insecure config values, and supply-chain risks in lockfiles
  • Assess API security gaps: rate limiting, excessive data exposure, and missing security headers
  • Review cryptographic usage to replace weak algorithms and enforce proper key management

FAQ

A prioritized security report with file paths, line references, concrete findings, before/after remediation examples, and a risk-based remediation roadmap.

Can I run this without changing project settings?

The skill checks your project denial configuration and will warn if protections are missing; you can continue the audit but configuring denial rules first is recommended for safer scans.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational