Security Auditor Skill

Automatic security vulnerability detection.

When I Activate

✅ Code files modified (especially auth, API, database)
✅ User mentions security or vulnerabilities
✅ Before deployments or commits
✅ Dependency changes
✅ Configuration file changes

What I Scan For

OWASP Top 10 Patterns

1. SQL Injection

javascript

// CRITICAL: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// SECURE: Parameterized query
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);

2. XSS (Cross-Site Scripting)

javascript

// CRITICAL: XSS vulnerability
element.innerHTML = userInput;

// SECURE: Use textContent or sanitize
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);

3. Authentication Issues

javascript

// CRITICAL: Weak JWT secret
const token = jwt.sign(payload, 'secret123');

// SECURE: Strong secret from environment
const token = jwt.sign(payload, process.env.JWT_SECRET);

4. Sensitive Data Exposure

python

# CRITICAL: Exposed password
password = "admin123"

# SECURE: Environment variable
password = os.getenv("DB_PASSWORD")

5. Broken Access Control

javascript

// CRITICAL: No authorization check
app.delete('/api/users/:id', (req, res) => {
  User.delete(req.params.id);
});

// SECURE: Authorization check
app.delete('/api/users/:id', auth, checkOwnership, (req, res) => {
  User.delete(req.params.id);
});

Additional Security Checks

Insecure Deserialization
Security Misconfiguration
Insufficient Logging
CSRF Protection Missing
CORS Misconfiguration

Alert Format

🚨 CRITICAL: [Vulnerability type]
📍 Location: file.js:42
🔧 Fix: [Specific remediation]
📖 Reference: [OWASP/CWE link]

Severity Levels

🚨 CRITICAL: Must fix immediately (exploitable vulnerabilities)
⚠️ HIGH: Should fix soon (security weaknesses)
📋 MEDIUM: Consider fixing (potential issues)
💡 LOW: Best practice improvements

Real-World Examples

SQL Injection Detection

javascript

// You write:
app.get('/users', (req, res) => {
  const sql = `SELECT * FROM users WHERE name = '${req.query.name}'`;
  db.query(sql, (err, results) => res.json(results));
});

// I alert:
🚨 CRITICAL: SQL injection vulnerability (line 2)
📍 File: routes/users.js, Line 2
🔧 Fix: Use parameterized queries
  const sql = 'SELECT * FROM users WHERE name = ?';
  db.query(sql, [req.query.name], ...);
📖 https://owasp.org/www-community/attacks/SQL_Injection

Password Storage

python

# You write:
def create_user(username, password):
    user = User(username=username, password=password)
    user.save()

# I alert:
🚨 CRITICAL: Storing plain text password (line 2)
📍 File: models.py, Line 2
🔧 Fix: Hash passwords before storing
  from bcrypt import hashpw, gensalt
  hashed = hashpw(password.encode(), gensalt())
  user = User(username=username, password=hashed)
📖 Use bcrypt, scrypt, or argon2 for password hashing

API Key Exposure

javascript

// You write:
const stripe = require('stripe')('sk_live_abc123...');

// I alert:
🚨 CRITICAL: Hardcoded API key detected (line 1)
📍 File: payment.js, Line 1
🔧 Fix: Use environment variables
  const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
📖 Never commit API keys to version control

Dependency Scanning

I can run security audits on dependencies:

bash

# Node.js
npm audit

# Python
pip-audit

# Results flagged with severity

Relationship with @code-reviewer Sub-Agent

Me (Skill): Quick vulnerability pattern detection @code-reviewer (Sub-Agent): Deep security audit with threat modeling

Workflow

I detect vulnerability pattern
I flag: "🚨 SQL injection detected"
You want full analysis → Invoke @code-reviewer sub-agent
Sub-agent provides comprehensive security audit

Common Vulnerability Patterns

Authentication

Weak password policies
Missing MFA
Session fixation
Insecure password storage

Authorization

Missing access control
Privilege escalation
IDOR (Insecure Direct Object Reference)

Data Protection

Unencrypted sensitive data
Weak encryption algorithms
Missing HTTPS
Insecure cookies

Input Validation

SQL injection
Command injection
XSS
Path traversal

Sandboxing Compatibility

Works without sandboxing: ✅ Yes Works with sandboxing: ✅ Yes

Optional: For dependency scanning

json

{
  "network": {
    "allowedDomains": [
      "registry.npmjs.org",
      "pypi.org",
      "api.github.com"
    ]
  }
}

Integration with Tools

With secret-scanner Skill

security-auditor: Checks code patterns
secret-scanner: Checks for exposed secrets
Together: Comprehensive security coverage

With /review Command

bash

/review --scope staged --checks security

# Workflow:
# 1. My automatic security findings
# 2. @code-reviewer sub-agent deep audit
# 3. Comprehensive security report

Customization

Add company-specific security patterns:

bash

cp -r ~/.claude/skills/security/security-auditor \
      ~/.claude/skills/security/company-security-auditor

# Edit SKILL.md to add:
# - Internal API patterns
# - Company security policies
# - Custom vulnerability checks

Learn More

OWASP Top 10
CWE Top 25
Security Best Practices

security-auditor

NPX Install

Tags

SKILL.md Content

Security Auditor Skill

When I Activate

What I Scan For

OWASP Top 10 Patterns

Additional Security Checks

Alert Format

Severity Levels

Real-World Examples

SQL Injection Detection

Password Storage

API Key Exposure

Dependency Scanning

Relationship with @code-reviewer Sub-Agent

Workflow

Common Vulnerability Patterns

Authentication

Authorization

Data Protection

Input Validation

Sandboxing Compatibility

Integration with Tools

With secret-scanner Skill

With /review Command

Customization

Learn More