security-audit

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.

1 stars
1.2k downloads
Updated 2/15/2026

Package Files

SKILL.md

Security Audit

Systematic security review for application code, dependencies, and configuration.

Not a replacement for professional penetration testing. Identifies common vulnerabilities within the scope of a code review.

Audit Types

Type          | Focus                            | When to Use
Code Review   | OWASP Top 10, injection, auth    | New features, PRs, suspicious code
Dependency    | CVEs, outdated packages          | Before deploy, periodic, CI/CD
Configuration | Secrets, permissions, hardening  | Infrastructure changes, new envs
Architecture  | Attack surface, data flow        | Design phase, major refactors
API Security  | Auth, authz, rate limiting       | New endpoints, public APIs

When NOT to Use

  • Designing new auth flows — Use api-design for designing OAuth2/JWT endpoints from scratch
  • Performance issues — Use performance-optimization even if caused by auth overhead
  • CI/CD pipeline security — Use ci-cd for pipeline hardening (secret management, permissions)

Key Principles

  • Scope first — Define audit area, depth, and constraints before scanning
  • Classify severity — Critical (24-48h), High (1 week), Medium (2-4 weeks), Low (backlog)
  • Remediate or track — Fix critical issues immediately, create ohno tasks for the rest
  • No secrets in code — Scan for hardcoded credentials, API keys, connection strings

Quick Start Checklist

  1. Define audit scope and type (code, dependency, config, architecture, API)
  2. Run automated scans (npm audit, grep patterns, secret detection)
  3. Review findings and classify severity using the decision tree in the references
  4. Remediate critical/high findings immediately
  5. Create ohno tasks for medium/low findings with appropriate priority
  6. Document findings in audit report

References

Reference              | Description
owasp-top-10.md        | OWASP vulnerabilities with detection and fixes
dependency-security.md | npm audit, pip-audit, Snyk, CI/CD integration
auth-patterns.md       | Secure authentication and authorization patterns
api-security.md        | API-specific security concerns
secrets-management.md  | Handling sensitive configuration

Install

Requires askill CLI v1.0+

AI Quality Score

82/100, analyzed 3/27/2026

Well-structured security audit skill with clear when-to-use guidance, organized audit types table, key principles, and actionable 6-step checklist. Tags and agent specification enhance discoverability. References external docs for deeper details. Minor internal signal from agent name but content is broadly reusable.


Metadata

License: unknown
Version: -
Updated: 2/15/2026
Publisher: KuaaMU

Tags

api, ci-cd, security