Agent Skills: Security Audit Skill

ID: ruvnet/claude-flow/security-audit

Repository: ruvnet

License: MIT

Install this agent skill locally:

pnpm dlx add-skill https://github.com/ruvnet/ruflo/tree/HEAD/.agents/skills/security-audit

.agents/skills/security-audit/SKILL.md

Skill Metadata

Name: security-audit

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

  • authentication implementation
  • authorization logic
  • payment processing
  • user data handling
  • API endpoint creation
  • file upload handling
  • database queries
  • external API integration

When to Skip

  • read-only operations on public data
  • internal development tooling
  • static documentation
  • styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

npx @claude-flow/cli security scan --depth full

Example:

npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

npx @claude-flow/cli security scan --check input-validation

Example:

npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

npx @claude-flow/cli security cve --scan

Example:

npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

npx @claude-flow/cli security audit --report

Example:

npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

npx @claude-flow/cli security validate --check secrets

Scripts

| Script | Path | Description |
|--------|------|-------------|
| security-scan | .agents/scripts/security-scan.sh | Run full security scan pipeline |
| cve-remediate | .agents/scripts/cve-remediate.sh | Auto-remediate known CVEs |

References

| Document | Path | Description |
|----------|------|-------------|
| Security Checklist | docs/security-checklist.md | Security review checklist |
| OWASP Guide | docs/owasp-top10.md | OWASP Top 10 mitigation guide |

Best Practices

  1. Check memory for existing patterns before starting
  2. Use hierarchical topology for coordination
  3. Store successful patterns after completion
  4. Document any new learnings