Security Auditor Skill Automatic security vulnerability detection. When I Activate ✅ Code files modified (especially auth, API, database) ✅ User mentions security or vulnerabilities ✅ Before deployments or commits ✅ Dependency changes ✅ Configuration file changes What I Scan For OWASP Top 10 Patterns 1. SQL Injection // CRITICAL: SQL injection const query = SELECT * FROM users WHERE id = ${ userId } ; // SECURE: Parameterized query const query = 'SELECT * FROM users WHERE id = ?' ; db . query ( query , [ userId ] ) ; 2. XSS (Cross-Site Scripting) // CRITICAL: XSS vulnerability element . innerHTML = userInput ; // SECURE: Use textContent or sanitize element . textContent = userInput ; // or element . innerHTML = DOMPurify . sanitize ( userInput ) ; 3. Authentication Issues // CRITICAL: Weak JWT secret const token = jwt . sign ( payload , 'secret123' ) ; // SECURE: Strong secret from environment const token = jwt . sign ( payload , process . env . JWT_SECRET ) ; 4. Sensitive Data Exposure

CRITICAL: Exposed password

password

"admin123"

SECURE: Environment variable

password

os

.

getenv

(

"DB_PASSWORD"

)

5. Broken Access Control

// CRITICAL: No authorization check

app

.

delete

(

'/api/users/:id'

,

(

req

,

res

)

=>

{

User

.

delete

(

req

.

params

.

id

)

;

}

)

;

// SECURE: Authorization check

app

.

delete

(

'/api/users/:id'

,

auth

,

checkOwnership

,

(

req

,

res

)

=>

{

User

.

delete

(

req

.

params

.

id

)

;

}

)

;

Additional Security Checks

Insecure Deserialization

Security Misconfiguration

Insufficient Logging

CSRF Protection Missing

CORS Misconfiguration

Alert Format

🚨 CRITICAL: [Vulnerability type]

📍 Location: file.js:42

🔧 Fix: [Specific remediation]

📖 Reference: [OWASP/CWE link]

Severity Levels

🚨

CRITICAL

Must fix immediately (exploitable vulnerabilities)

⚠️

HIGH

Should fix soon (security weaknesses)

📋

MEDIUM

Consider fixing (potential issues)
💡
LOW: Best practice improvements Real-World Examples SQL Injection Detection // You write: app . get ( '/users' , ( req , res ) => { const sql = SELECT * FROM users WHERE name = ' ${ req . query . name } ' ; db . query ( sql , ( err , results ) => res . json ( results ) ) ; } ) ; // I alert: 🚨 CRITICAL : SQL injection vulnerability ( line 2 ) 📍 File : routes / users . js , Line 2 🔧 Fix : Use parameterized queries const sql = 'SELECT * FROM users WHERE name = ?' ; db . query ( sql , [ req . query . name ] , ... ) ; 📖 https : / / owasp . org / www - community / attacks / SQL_Injection Password Storage

You write:

def create_user ( username , password ) : user = User ( username = username , password = password ) user . save ( )

I alert:

🚨 CRITICAL : Storing plain text password ( line 2 ) 📍 File : models . py , Line 2 🔧 Fix : Hash passwords before storing from bcrypt import hashpw , gensalt hashed = hashpw ( password . encode ( ) , gensalt ( ) ) user = User ( username = username , password = hashed ) 📖 Use bcrypt , scrypt , or argon2 for password hashing API Key Exposure // You write: const stripe = require ( 'stripe' ) ( 'sk_live_abc123...' ) ; // I alert: 🚨 CRITICAL : Hardcoded API key detected ( line 1 ) 📍 File : payment . js , Line 1 🔧 Fix : Use environment variables const stripe = require ( 'stripe' ) ( process . env . STRIPE_SECRET_KEY ) ; 📖 Never commit API keys to version control Dependency Scanning I can run security audits on dependencies:

Node.js

npm audit

Python

pip-audit

Results flagged with severity

Relationship with @code-reviewer Sub-Agent Me (Skill): Quick vulnerability pattern detection @code-reviewer (Sub-Agent): Deep security audit with threat modeling Workflow I detect vulnerability pattern I flag: "🚨 SQL injection detected" You want full analysis → Invoke @code-reviewer sub-agent Sub-agent provides comprehensive security audit Common Vulnerability Patterns Authentication Weak password policies Missing MFA Session fixation Insecure password storage Authorization Missing access control Privilege escalation IDOR (Insecure Direct Object Reference) Data Protection Unencrypted sensitive data Weak encryption algorithms Missing HTTPS Insecure cookies Input Validation SQL injection Command injection XSS Path traversal Sandboxing Compatibility Works without sandboxing: ✅ Yes Works with sandboxing: ✅ Yes Optional: For dependency scanning { "network" : { "allowedDomains" : [ "registry.npmjs.org" , "pypi.org" , "api.github.com" ] } } Integration with Tools With secret-scanner Skill security-auditor: Checks code patterns secret-scanner: Checks for exposed secrets Together: Comprehensive security coverage With /review Command /review --scope staged --checks security

Workflow:

1. My automatic security findings

2. @code-reviewer sub-agent deep audit

3. Comprehensive security report

Customization Add company-specific security patterns: cp -r ~/.claude/skills/security/security-auditor \ ~/.claude/skills/security/company-security-auditor

security-auditor

安装

CRITICAL: Exposed password

password

SECURE: Environment variable

password

You write:

I alert:

Node.js

Python

Results flagged with severity

Workflow:

1. My automatic security findings

2. @code-reviewer sub-agent deep audit

3. Comprehensive security report

Edit SKILL.md to add:

- Internal API patterns

- Company security policies

- Custom vulnerability checks