security-audit_skill

This skill performs comprehensive security audits and vulnerability scanning across dependencies, code, and secrets to harden deployments.
  • Shell

29

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill shunsukehayashi/miyabi-claude-plugins --skill security-audit

  • SKILL.md4.3 KB

Overview

This skill provides a comprehensive security audit and vulnerability scanning workflow for codebases, focusing on dependency CVEs, unsafe-code detection, and secret discovery. It combines prioritized tooling and repeatable patterns for full audits or quick CI checks to validate readiness before production deployment. The workflow emphasizes actionable remediation steps and clear severity-driven response timelines.

How this skill works

The skill runs a sequence of native security tools to inspect dependencies, enforce policy, detect unsafe code usage, and find secrets. Typical flows include a full audit (cargo audit, cargo deny, cargo geiger, gitleaks, supply-chain checks) or a shortened CI-friendly pipeline for fast feedback. Outputs are normalized into a concise result summary with pass/fail criteria and remediation recommendations.

When to use it

  • Before any production deployment or release
  • As part of CI pipelines for pull requests and merges
  • During routine security posture reviews or weekly audits
  • When responding to a reported CVE or supply-chain alert
  • Before accepting third-party dependencies or large merges

Best practices

  • Prioritize fixes by severity: immediate action for critical, 24 hours for high
  • Run a quick audit in CI (cargo audit && cargo deny check advisories) and a full audit on main branch
  • Treat any discovered secrets as compromised: rotate and purge from history
  • Keep advisory DBs and tool versions up to date before scans
  • Enforce deny.toml policies to fail builds on unacceptable licenses or vulnerabilities

Example use cases

  • Full pre-release security gate that halts deployment on critical findings
  • CI job that runs a 2–3 minute quick audit for each pull request
  • Incident response checklist when a new CVE is published against a dependency
  • Secrets leak detection across the repo with immediate token rotation steps
  • Policy enforcement for license and supply-chain constraints in a mono-repo

FAQ

Run dependency CVE checks (cargo audit) first, then policy enforcement (cargo deny), unsafe-code scanning (cargo geiger), secret detection (gitleaks), and optional supply-chain checks. This order surfaces immediate risks before deeper analysis.

What do I do if gitleaks or cargo audit finds a secret or vulnerability?

Treat secrets as compromised—rotate keys and remove them from the repo history. For vulnerabilities, follow severity timelines: stop deployment for critical, patch or mitigate high within 24 hours, and plan fixes for medium/low.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational