
security-audit

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.
NewAbra/auto-co-meta · ★ 0 · AI & Automation · score 75
Install: claude install-skill NewAbra/auto-co-meta
# Security Audit

Systematic security review for application code, dependencies, and configuration. **Not a replacement for professional penetration testing.** Identifies common vulnerabilities within the scope of a code review.

## Audit Types

| Type | Focus | When to Use |
|------|-------|-------------|
| Code Review | OWASP Top 10, injection, auth | New features, PRs, suspicious code |
| Dependency | CVEs, outdated packages | Before deploy, periodic, CI/CD |
| Configuration | Secrets, permissions, hardening | Infrastructure changes, new envs |
| Architecture | Attack surface, data flow | Design phase, major refactors |
| API Security | Auth, authz, rate limiting | New endpoints, public APIs |

## When NOT to Use

- **Designing new auth flows** — Use `api-design` for designing OAuth2/JWT endpoints from scratch
- **Performance issues** — Use `performance-optimization` even if the cost is caused by auth overhead
- **CI/CD pipeline security** — Use `ci-cd` for pipeline hardening (secret management, permissions)

## Key Principles

- **Scope first** — Define the audit area, depth, and constraints before scanning
- **Classify severity** — Critical (fix within 24-48h), High (1 week), Medium (2-4 weeks), Low (backlog)
- **Remediate or track** — Fix critical issues immediately; create ohno tasks for the rest
- **No secrets in code** — Scan for hardcoded credentials, API keys, and connection strings

## Quick Start Checklist

1. Define audit scope and type (code, dependency, config, architecture, API)
2. Run automate
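The "No secrets in code" principle and the severity tiers above, as an added worked example (this is not code shipped with the skill): a small Python scanner that runs a few credential patterns over source text, skips template references such as `${DB_PASSWORD}`, downgrades low-entropy values that look like placeholders, redacts what it reports, and attaches the remediation window to each severity. The rule names, the `SLA` table and the sample file are constructed for the demo; the AWS key id in the sample is the one AWS uses in its own documentation.

```python
"""Hardcoded-secret scan with severity triage (added example, not the skill's own code)."""
import math
import re
from dataclasses import dataclass

# Remediation windows taken from the skill's "Classify severity" principle.
SLA = {"Critical": "24-48h", "High": "1 week", "Medium": "2-4 weeks", "Low": "backlog"}

# (rule name, pattern, default severity). Rule names are our own labels.
RULES = [
    ("aws_access_key_id",
     re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "Critical"),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "Critical"),
    ("url_with_credentials",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp)://[^\s:@/]+:[^\s@/]+@", re.I),
     "Critical"),
    ("generic_credential",  # password = "...", api_key: '...', token = "..."
     re.compile(r"\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*[\"']([^\"']{8,})[\"']", re.I),
     "High"),
]


@dataclass
class Finding:
    line: int
    rule: str
    severity: str
    evidence: str  # redacted: only a short prefix of the matched text is kept


def shannon_entropy(s: str) -> float:
    """Bits per character. Real keys sit around 3.5-5; words like 'changeme' fall below 3."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(text: str, keep: int = 4) -> str:
    """Never copy a candidate secret verbatim into a report or ticket."""
    return text[:keep] + "*" * (len(text) - keep)


def scan_source(source: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern, severity in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if rule == "generic_credential":
                # Template references (${VAR}, {{ var }}, <placeholder>) are not secrets.
                if value[0] in "${<":
                    continue
                # A dictionary word or placeholder is still wrong, but verify it is
                # live before treating it as a leaked credential.
                if shannon_entropy(value) < 3.0:
                    severity = "Medium"
            findings.append(Finding(line_no, rule, severity, redact(value)))
    return findings


def triage(findings: list[Finding]) -> dict[str, dict]:
    """Count findings per severity and attach the remediation window."""
    out: dict[str, dict] = {}
    for f in findings:
        entry = out.setdefault(f.severity, {"count": 0, "sla": SLA[f.severity]})
        entry["count"] += 1
    return out


# Constructed sample file: one clean line, several kinds of hardcoded secret,
# one template placeholder and one low-entropy placeholder.
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DATABASE_URL = "postgres://app:s3cr3tP%40ss@db.internal:5432/app"
api_key = "sk_live_9f8a7b6c5d4e3f2a1b0c"
password = "${DB_PASSWORD}"
secret = "changeme"
SIGNING_KEY = "-----BEGIN RSA PRIVATE KEY-----"
"""

if __name__ == "__main__":
    results = scan_source(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f.line}: {f.severity:<8} {f.rule:<22} {f.evidence}  (fix within {SLA[f.severity]})")
    print(triage(results))
```

The entropy threshold and the placeholder prefixes are heuristics, not a guarantee: a real scan should also run a dedicated tool and check git history, since a secret removed from HEAD is still in the repository.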