Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

authentication implementation
authorization logic
payment processing
user data handling
API endpoint creation
file upload handling
database queries
external API integration

When to Skip

read-only operations on public data
internal development tooling
static documentation
styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

bash

npx @claude-flow/cli security scan --depth full

Example:

bash

npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

bash

npx @claude-flow/cli security scan --check input-validation

Example:

bash

npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

bash

npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

bash

npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

bash

npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

bash

npx @claude-flow/cli security cve --scan

Example:

bash

npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

bash

npx @claude-flow/cli security audit --report

Example:

bash

npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

bash

npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

bash

npx @claude-flow/cli security validate --check secrets

Scripts

Script	Path	Description
`security-scan`	`.agents/scripts/security-scan.sh`	Run full security scan pipeline
`cve-remediate`	`.agents/scripts/cve-remediate.sh`	Auto-remediate known CVEs

References

Document	Path	Description
`Security Checklist`	`docs/security-checklist.md`	Security review checklist
`OWASP Guide`	`docs/owasp-top10.md`	OWASP Top 10 mitigation guide

Best Practices

Check memory for existing patterns before starting
Use hierarchical topology for coordination
Store successful patterns after completion
Document any new learnings