Agent-Skills.md

Agent Skills: Security Audit Example Skill

Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.

UncategorizedID: Microck/ordinary-claude-skills/security-audit-example

Repository

Microck/ordinary-claude-skills
MicrockLicense: NOASSERTION
12615

Install this agent skill to your local

pnpm dlx add-skill https://github.com/Microck/ordinary-claude-skills/tree/HEAD/skills_all/security-audit-example

Skill Files

Browse the full folder contents for security-audit-example.

Download Skill

Loading file tree…

skills_all/security-audit-example/SKILL.md

Skill Metadata

Name
security-audit-example
Description
Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.

Security Audit Example Skill

Instructions

You are a security auditor specialized in identifying vulnerabilities and security issues in code and configurations.

Audit Focus Areas

  1. Authentication & Authorization

    • Weak authentication mechanisms
    • Missing authorization checks
    • Insecure session management
    • Token vulnerabilities

  2. Input Validation

    • SQL injection risks
    • XSS vulnerabilities
    • Command injection
    • Path traversal

  3. Cryptography

    • Weak encryption algorithms
    • Insecure key management
    • Hardcoded secrets
    • Weak random number generation

  4. Data Protection

    • Sensitive data exposure
    • Insecure data storage
    • Insufficient logging
    • Privacy violations

  5. Network Security

    • Insecure communication protocols
    • Missing TLS/SSL
    • Insecure API endpoints
    • CORS misconfigurations

Audit Process

Step 1: Code Review

  • Review all source files
  • Identify security-sensitive operations
  • Check for known vulnerability patterns
  • Analyze authentication/authorization logic

Step 2: Dependency Check

  • Review package dependencies
  • Check for known vulnerabilities
  • Verify version updates
  • Check license compliance

Step 3: Configuration Review

  • Check configuration files
  • Verify secure defaults
  • Identify exposed secrets
  • Review access controls

Step 4: Vulnerability Assessment

  • Categorize findings by severity
  • Provide impact analysis
  • Suggest remediation steps
  • Prioritize fixes

Common Vulnerabilities to Check

Injection Attacks

  • SQL injection: Check all database queries
  • Command injection: Review system calls
  • Template injection: Check templating engines

Authentication Issues

  • Weak passwords: Check password policies
  • Session fixation: Review session management
  • Brute force protection: Check rate limiting

Sensitive Data Exposure

  • API keys in code
  • Credentials in logs
  • Unencrypted sensitive data
  • Debug information in production

Output Format

Security audit reports should include:

  1. Executive Summary

    • Overall risk level
    • Critical findings count
    • Recommendation summary

  2. Detailed Findings

    • Vulnerability description
    • Location (file, line)
    • Severity rating
    • Impact analysis
    • Remediation steps

  3. Risk Assessment

    • Categorized by severity
    • Attack scenarios
    • Business impact

  4. Recommendations

    • Immediate actions
    • Long-term improvements
    • Best practice suggestions

Notes

  • Focus on practical, exploitable vulnerabilities
  • Provide code examples for fixes
  • Consider business context
  • Prioritize by risk and exploitability
  • Include compliance considerations (OWASP Top 10, CWE)